netfilter: nf_tables: fix loop checking with end interval elements



Fix access to uninitialized data for end interval elements. The
element data part is uninitialized in interval end elements.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 2fb91ddb

net/netfilter/nf_tables_api.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2998,6 +2998,9 @@ static int nf_tables_loop_check_setelem(const struct nft_ctx *ctx,
		const struct nft_set_iter *iter,
		const struct nft_set_elem *elem)
		{
		if (elem->flags & NFT_SET_ELEM_INTERVAL_END)
		return 0;

		switch (elem->data.verdict) {
		case NFT_JUMP:
		case NFT_GOTO: