ruleset: Avoid reading garbage in nftnl_ruleset_cb()

If nftnl_ruleset_json_parse() is called with arg == NULL, ctx.data is
left uninitialized and will later be used in nftnl_ruleset_cb(). Avoid
this by using a C99-style initializer for 'ctx' which sets all omitted
fields to zero.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/ruleset.c b/src/ruleset.c
index 3de9b87283292ae5afc8dd17aa0247564ac661ab..cf86ca68a51f329a59ec8e811aa4f7db7972e14c 100644 (file)
--- a/src/ruleset.c
+++ b/src/ruleset.c
@@ -519,11 +519,11 @@ static int nftnl_ruleset_json_parse(const void *json,
        json_error_t error;
        int i, len;
        const char *key;
-       struct nftnl_parse_ctx ctx;
-
-       ctx.cb = cb;
-       ctx.format = type;
-       ctx.flags = 0;
+       struct nftnl_parse_ctx ctx = {
+               .cb = cb,
+               .format = type,
+               .flags = 0,
+       };
 
        ctx.set_list = nftnl_set_list_alloc();
        if (ctx.set_list == NULL)