From 721bb877b759a0c92e6b019447fd3ee33d123cc0 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 15 Mar 2019 17:50:10 +0100 Subject: [PATCH] ip{, 6}tables-restore: Fix for uninitialized array 'curtable' Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1525980 Upstream Status: iptables commit 4e499d53d558b commit 4e499d53d558bed55c8fe74390250dbfd6da3efc Author: Phil Sutter Date: Wed Sep 19 15:16:46 2018 +0200 ip{, 6}tables-restore: Fix for uninitialized array 'curtable' When reading sufficiently malformed input, parser might hit end of loop without having written the current table name into curtable and therefore calling strcmp() with uninitialized buffer. Avoid this by setting curtable to zero upon declaration. Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal Signed-off-by: Phil Sutter --- iptables/ip6tables-restore.c | 2 +- iptables/iptables-restore.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/iptables/ip6tables-restore.c b/iptables/ip6tables-restore.c index e2a82c57bd426..d610360a1c1ff 100644 --- a/iptables/ip6tables-restore.c +++ b/iptables/ip6tables-restore.c @@ -192,7 +192,7 @@ int ip6tables_restore_main(int argc, char *argv[]) struct xtc_handle *handle = NULL; char buffer[10240]; int c, lock; - char curtable[XT_TABLE_MAXNAMELEN + 1]; + char curtable[XT_TABLE_MAXNAMELEN + 1] = {}; FILE *in; int in_table = 0, testing = 0; const char *tablename = NULL; diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c index af0c79408631d..db77fb77b3c98 100644 --- a/iptables/iptables-restore.c +++ b/iptables/iptables-restore.c @@ -191,7 +191,7 @@ iptables_restore_main(int argc, char *argv[]) struct xtc_handle *handle = NULL; char buffer[10240]; int c, lock; - char curtable[XT_TABLE_MAXNAMELEN + 1]; + char curtable[XT_TABLE_MAXNAMELEN + 1] = {}; FILE *in; int in_table = 0, testing = 0; const char *tablename = NULL; -- 2.21.0