Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e0ffdbc7 authored by Liping Zhang's avatar Liping Zhang Committed by Pablo Neira Ayuso
Browse files

netfilter: nft_fib_ipv4: initialize *dest to zero 



Otherwise, if fib lookup fail, *dest will be filled with garbage value,
so reverse path filtering will not work properly:
 # nft add rule x prerouting fib saddr oif eq 0 drop

Fixes: f6d0cbcf ("netfilter: nf_tables: add fib expression")
Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
Acked-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 11583438

net/ipv4/netfilter/nft_fib_ipv4.c

+2 −0
Original line number Diff line number Diff line
@@ -122,6 +122,8 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs, 
		fl4.saddr = get_saddr(iph->daddr);

	}



	*dest = 0;



	if (fib_lookup(nft_net(pkt), &fl4, &res, FIB_LOOKUP_IGNORE_LINKSTATE))

		return;