Make sure to zero all the memory we allocate for the new table.

Makes flushing of chains containing more than a few entries work without
potentially oopsing the kernel.

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 7c711b195370b8bd04e559113282bea6587a5851..957af672e769f50ea5a564092c0a5968b5ab9931 100644 (file)
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules.  Version $Revision: 1.54 $ */
+/* Library which manipulates firewall rules.  Version $Revision: 1.55 $ */
 
 /* Architecture of firewall rules is as follows:
  *
@@ -1962,7 +1962,7 @@ TC_COMMIT(TC_HANDLE_T *handle)
                errno = ENOMEM;
                return 0;
        }
-       memset(repl, 0, sizeof(*repl));
+       memset(repl, 0, sizeof(*repl) + new_size);
 
        counterlen = sizeof(STRUCT_COUNTERS_INFO)
                        + sizeof(STRUCT_COUNTERS) * new_number;