git.ipfire.org Git - thirdparty/iptables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Wed, 30 Nov 2022 19:03:30 +0000 (20:03 +0100)
committer	Phil Sutter <phil@nwl.cc>
	Fri, 2 Dec 2022 00:44:17 +0000 (01:44 +0100)
commit	39a2aa8cbfc99f4a75dfc0786a80ced90952ab29
tree	dba399e20b19036e2a9a9198053fe458d8fc02ab	tree
parent	16e1ce4ed32ac86eb834531282ae14fdb4e102ac	commit \| diff

libiptc: Eliminate garbage access

When adding a rule, valgrind prints:

Syscall param socketcall.setsockopt(optval) points to uninitialised byte(s)
   at 0x4A8165A: setsockopt (in /lib64/libc.so.6)
   by 0x4857A48: iptc_commit (libiptc.c:2676)
   by 0x10E4BB: iptables_main (iptables-standalone.c:61)
   by 0x49A3349: (below main) (in /lib64/libc.so.6)
Address 0x4b63788 is 40 bytes inside a block of size 1,448 alloc'd
   at 0x484659F: calloc (vg_replace_malloc.c:1328)
   by 0x4857654: iptc_commit (libiptc.c:2564)
   by 0x10E4BB: iptables_main (iptables-standalone.c:61)
   by 0x49A3349: (below main) (in /lib64/libc.so.6)

This is because repl->counters is not initialized upon allocation. Since
the field is an array, make use of calloc() which implicitly does the
initialization.

Fixes: e37c0dc100c51 ("Revert the recent addition of memset()'s to TC_COMMIT. One of them is bogus and the other one needs more investigation to why valgrind is complaining.")
Signed-off-by: Phil Sutter <phil@nwl.cc>