Doesn't affect iptables-translate, but nft (when built with xtables support). Current nftables may print the buffer without checking if the ->xlate() callback returned 0, so ->data with garbage/random content can be printed. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- libxtables/xtables.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libxtables/xtables.c b/libxtables/xtables.c index 11231fc473d5..ea9bb102c8eb 100644 --- a/libxtables/xtables.c +++ b/libxtables/xtables.c @@ -2212,6 +2212,7 @@ struct xt_xlate *xt_xlate_alloc(int size) if (xl->buf.data == NULL) xtables_error(RESOURCE_PROBLEM, "OOM"); + xl->buf.data[0] = '\0'; xl->buf.size = size; xl->buf.rem = size; xl->buf.off = 0; -- 2.18.1
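
Review bot: the added `xl->buf.data[0] = '\0';` in xt_xlate_alloc() stores one byte unconditionally, which assumes size is at least 1. size is a plain int supplied by the caller and nothing in the visible context rejects 0 or a negative value, so consider checking size > 0 before the store, or documenting the precondition. Separately, the commit message says nft prints the buffer without checking the ->xlate() return value; terminating the buffer here turns that path into printing an empty string rather than uninitialised memory, but the missing return-value check in the caller still deserves its own fix.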