netfilter: nft_flow_offload: zero device address for non-ether case
authorFlorian Westphal <fw@strlen.de>
Thu, 18 Jun 2026 06:25:47 +0000 (08:25 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 20 Jun 2026 22:18:27 +0000 (00:18 +0200)
LLM points out that the skip causes an uninitialised stack array to
propagate down into dev_fill_forward_path().  It's not clear to me that
there is a guarantee that a later ctx.dev->netdev_ops->ndo_fill_forward_path()
would always fix this up.

Cc: Felix Fietkau <nbd@nbd.name>
Fixes: 45ca3e61999e ("netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_flow_table_path.c

index 1e7e216b9f8945a05cbb3d29ffb945d82cd928d3..98c03b487f52110f052858da7d7ab7024c5d559b 100644 (file)
@@ -53,8 +53,10 @@ static int nft_dev_fill_forward_path(const struct nf_flow_route *route,
        struct neighbour *n;
        u8 nud_state;
 
-       if (!nft_is_valid_ether_device(dev))
+       if (!nft_is_valid_ether_device(dev)) {
+               eth_zero_addr(ha);
                goto out;
+       }
 
        n = dst_neigh_lookup(dst_cache, daddr);
        if (!n)
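Review bot: The new `eth_zero_addr(ha);` on the non-ether branch has no comment saying why it is there, so a later cleanup could drop it and reintroduce the propagation of uninitialised stack bytes into `dev_fill_forward_path()`. A one-line comment above it would help, for example `/* no neigh lookup here: pass a zeroed address, not the caller's uninitialised stack */`. `eth_zero_addr()` writes ETH_ALEN bytes, so this relies on the caller's `ha` buffer being at least that large, which the hunk does not show. It may also be worth initialising the array at its declaration in the caller, so that any future early exit to `out` cannot expose stack contents. The body of `nft_dev_fill_forward_path()` starts and ends outside this hunk, so the remaining paths to `out` could not be checked here.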