base/SOURCES/ip-6-tables-restore-Fix-for...

From 721bb877b759a0c92e6b019447fd3ee33d123cc0 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Fri, 15 Mar 2019 17:50:10 +0100
Subject: [PATCH] ip{, 6}tables-restore: Fix for uninitialized array 'curtable'

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980
Upstream Status: iptables commit 4e499d53d558b

commit 4e499d53d558bed55c8fe74390250dbfd6da3efc
Author: Phil Sutter <phil@nwl.cc>
Date:   Wed Sep 19 15:16:46 2018 +0200

    ip{, 6}tables-restore: Fix for uninitialized array 'curtable'

    When reading sufficiently malformed input, parser might hit end of
    loop without having written the current table name into curtable and
    therefore calling strcmp() with uninitialized buffer. Avoid this by
    setting curtable to zero upon declaration.

    Signed-off-by: Phil Sutter <phil@nwl.cc>
    Signed-off-by: Florian Westphal <fw@strlen.de>

Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 iptables/ip6tables-restore.c | 2 +-
 iptables/iptables-restore.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c
index e2a82c57bd426..d610360a1c1ff 100644
--- a/iptables/ip6tables-restore.c
+++ b/iptables/ip6tables-restore.c
@@ -192,7 +192,7 @@ int ip6tables_restore_main(int argc, char *argv[])
 	struct xtc_handle *handle = NULL;
 	char buffer[10240];
 	int c, lock;
-	char curtable[XT_TABLE_MAXNAMELEN + 1];
+	char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
 	FILE *in;
 	int in_table = 0, testing = 0;
 	const char *tablename = NULL;
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index af0c79408631d..db77fb77b3c98 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -191,7 +191,7 @@ iptables_restore_main(int argc, char *argv[])
 	struct xtc_handle *handle = NULL;
 	char buffer[10240];
 	int c, lock;
-	char curtable[XT_TABLE_MAXNAMELEN + 1];
+	char curtable[XT_TABLE_MAXNAMELEN + 1] = {};
 	FILE *in;
 	int in_table = 0, testing = 0;
 	const char *tablename = NULL;
-- 
2.21.0
iptables package update Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org> 4 years ago			`From 721bb877b759a0c92e6b019447fd3ee33d123cc0 Mon Sep 17 00:00:00 2001`
			`From: Phil Sutter <psutter@redhat.com>`
			`Date: Fri, 15 Mar 2019 17:50:10 +0100`
			`Subject: [PATCH] ip{, 6}tables-restore: Fix for uninitialized array 'curtable'`

			`Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980`
			`Upstream Status: iptables commit 4e499d53d558b`

			`commit 4e499d53d558bed55c8fe74390250dbfd6da3efc`
			`Author: Phil Sutter <phil@nwl.cc>`
			`Date: Wed Sep 19 15:16:46 2018 +0200`

			`ip{, 6}tables-restore: Fix for uninitialized array 'curtable'`

			`When reading sufficiently malformed input, parser might hit end of`
			`loop without having written the current table name into curtable and`
			`therefore calling strcmp() with uninitialized buffer. Avoid this by`
			`setting curtable to zero upon declaration.`

			`Signed-off-by: Phil Sutter <phil@nwl.cc>`
			`Signed-off-by: Florian Westphal <fw@strlen.de>`

			`Signed-off-by: Phil Sutter <psutter@redhat.com>`
			`---`
			`iptables/ip6tables-restore.c \| 2 +-`
			`iptables/iptables-restore.c \| 2 +-`
			`2 files changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c`
			`index e2a82c57bd426..d610360a1c1ff 100644`
			`--- a/iptables/ip6tables-restore.c`
			`+++ b/iptables/ip6tables-restore.c`
			`@@ -192,7 +192,7 @@ int ip6tables_restore_main(int argc, char *argv[])`
			`struct xtc_handle *handle = NULL;`
			`char buffer[10240];`
			`int c, lock;`
			`- char curtable[XT_TABLE_MAXNAMELEN + 1];`
			`+ char curtable[XT_TABLE_MAXNAMELEN + 1] = {};`
			`FILE *in;`
			`int in_table = 0, testing = 0;`
			`const char *tablename = NULL;`
			`diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c`
			`index af0c79408631d..db77fb77b3c98 100644`
			`--- a/iptables/iptables-restore.c`
			`+++ b/iptables/iptables-restore.c`
			`@@ -191,7 +191,7 @@ iptables_restore_main(int argc, char *argv[])`
			`struct xtc_handle *handle = NULL;`
			`char buffer[10240];`
			`int c, lock;`
			`- char curtable[XT_TABLE_MAXNAMELEN + 1];`
			`+ char curtable[XT_TABLE_MAXNAMELEN + 1] = {};`
			`FILE *in;`
			`int in_table = 0, testing = 0;`
			`const char *tablename = NULL;`
			`--`
			`2.21.0`