tc: m_xt: Prevent a segfault in libipt

This happens with NAT targets, such as SNAT, DNAT and MASQUERADE. These
are still not usable with this patch, but at least tc doesn't crash
anymore when one tries to use them.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/tc/m_xt.c b/tc/m_xt.c
index e59df8e10afeffc76d51e9384eee185466c6b693..ad52d239caf6118a862d11e5a9ecf7a0c3daf646 100644 (file)
--- a/tc/m_xt.c
+++ b/tc/m_xt.c
@@ -146,6 +146,9 @@ static int parse_ipt(struct action_util *a, int *argc_p,
                     char ***argv_p, int tca_id, struct nlmsghdr *n)
 {
        struct xtables_target *m = NULL;
+#if XTABLES_VERSION_CODE >= 6
+       struct ipt_entry fw = {};
+#endif
        struct rtattr *tail;
 
        int c;
@@ -206,7 +209,7 @@ static int parse_ipt(struct action_util *a, int *argc_p,
                default:
 #if XTABLES_VERSION_CODE >= 6
                        if (m != NULL && m->x6_parse != NULL) {
-                               xtables_option_tpcall(c, argv, 0, m, NULL);
+                               xtables_option_tpcall(c, argv, 0, m, &fw);
 #else
                        if (m != NULL && m->parse != NULL) {
                                m->parse(c - m->option_offset, argv, 0,