Allocation of the temporary array did not account for a terminating NULL
entry, causing array boundary overstepping in the called
xtables_merge_options(), causing spurious errors in extension parameter
parsing.
Fixes: ed8c3ea4015f0 ("libxtables: Combine the two extension option mergers")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
libxtables/xtoptions.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libxtables/xtoptions.c b/libxtables/xtoptions.c
index e27223e339cb2..433a686c2b595 100644
--- a/libxtables/xtoptions.c
+++ b/libxtables/xtoptions.c
@@ -93,12 +93,13 @@ xtables_options_xfrm(struct option *orig_opts, struct option *oldopts,
for (num_new = 0; entry[num_new].name != NULL; ++num_new)
;
- mp = xtables_calloc(num_new, sizeof(*mp));
+ mp = xtables_calloc(num_new + 1, sizeof(*mp));
for (i = 0; i < num_new; i++) {
mp[i].name = entry[i].name;
mp[i].has_arg = entry[i].type != XTTYPE_NONE;
mp[i].val = entry[i].id;
}
+
merge = xtables_merge_options(orig_opts, oldopts, mp, offset);
free(mp);
--
2.41.0
