Doesn't affect iptables-translate, but nft (when built with
xtables support).

Current nftables may print the buffer without checking if
the ->xlate() callback returned 0, so ->data with garbage/random
content can be printed.

Signed-off-by: Florian Westphal <f...@strlen.de>
---
 libxtables/xtables.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index 11231fc473d5..ea9bb102c8eb 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -2212,6 +2212,7 @@ struct xt_xlate *xt_xlate_alloc(int size)
        if (xl->buf.data == NULL)
                xtables_error(RESOURCE_PROBLEM, "OOM");
 
+       xl->buf.data[0] = '\0';
        xl->buf.size = size;
        xl->buf.rem = size;
        xl->buf.off = 0;
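Review bot: the added store `xl->buf.data[0] = '\0';` assumes `size` is at least 1, but `size` is a plain `int` parameter and the only check visible before the write is the NULL test on `xl->buf.data`. If a caller can pass 0, an allocator may return a non-NULL zero-length block and this line then writes one byte past it. Either reject `size <= 0` before the store or state in a comment that callers always pass a positive size. Only the first byte is initialized, which is enough for consumers that read the buffer as a C string; the rest stays uninitialized, so anything that reads by `buf.size` rather than up to the terminator would still see garbage. Since the commit message says nft prints the buffer without checking the `->xlate()` return value, that check still belongs on the nft side, and this change should be treated as defensive hardening in the library.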
-- 
2.18.1
