From 5edb249b25da2d27bca886eb1aa03e6ce65cc8ca Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 12 Nov 2018 18:04:45 +0100
Subject: libxtables: xlate: init buffer to zero

Doesn't affect iptables-xlate, but nft (when built w. xtables support).

Without this, nft can print random content if an extension doesn't
add anything to the output xlate buffer, e.g.

-p mh -m mh

can cause nft to print random data after "meta l4proto mobility",
as mh ->xlate doesn't do anything in this case.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 libxtables/xtables.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'libxtables')

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 11231fc4..ea9bb102 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2212,6 +2212,7 @@ struct xt_xlate *xt_xlate_alloc(int size)
 	if (xl->buf.data == NULL)
 		xtables_error(RESOURCE_PROBLEM, "OOM");
 
+	xl->buf.data[0] = '\0';
 	xl->buf.size = size;
 	xl->buf.rem = size;
 	xl->buf.off = 0;
-- 
cgit v1.2.3