]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2f0139b)
cache: initialize filter when fetching implicit chains
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 17 Sep 2024 17:18:09 +0000 (19:18 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 23 Jan 2025 00:35:37 +0000 (01:35 +0100)
commit e3d2a5e852ceea587bfff5878e6e5c569f15116a upstream.

ASAN reports:

  src/cache.c:734:25: runtime error: load of value 189, which is not a valid value for type '_Bool'

because filter->reset.rule remains uninitialized.

Initialize filter and replace existing construct to initialize table and
chain which leaves remaining fields uninitialized.

Fixes: dbff26bfba83 ("cache: consolidate reset command")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/cache.c patch | blob | blame | history

diff --git a/src/cache.c b/src/cache.c
index d9324f74878f988f878ed7e5112f38d23b7e46af..ca00a818c20b6c90aa6625054ad54e067f706d59 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -969,13 +969,14 @@ err_ctx_list:
 static int implicit_chain_cache(struct netlink_ctx *ctx, struct table *table,
                                const char *chain_name)
 {
-       struct nft_cache_filter filter;
+       struct nft_cache_filter filter = {};
        struct chain *chain;
        int ret = 0;
 
        list_for_each_entry(chain, &table->chain_bindings, cache.list) {
                filter.list.table = table->handle.table.name;
                filter.list.chain = chain->handle.chain.name;
+
                ret = rule_init_cache(ctx, table, &filter);
        }
 
Mirror of git://git.netfilter.org/nftables