netfilter: nf_tables: initialize registers in nft_do_chain()

Initialize registers to avoid stack leak into userspace.

Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 36e73f9828c50b5f45380451f187ccbdc65d1412..8af98239655db3f7f62a7515b645082f97a88bb3 100644 (file)
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -201,7 +201,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
        const struct nft_rule_dp *rule, *last_rule;
        const struct net *net = nft_net(pkt);
        const struct nft_expr *expr, *last;
-       struct nft_regs regs;
+       struct nft_regs regs = {};
        unsigned int stackptr = 0;
        struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE];
        bool genbit = READ_ONCE(net->nft.gencursor);