netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error

It is possible that ctx in nfqnl_build_packet_message() could be used before it is properly initialize, which is only initialized by nfqnl_get_sk_secctx(). This patch corrects this problem by initializing the lsmctx to a safe value when it is declared. This is similar to the commit 35fcac7a7c25 ("audit: Initialize lsmctx to avoid memory allocation error"). Fixes: 2d470c778120 ("lsm: replace context+len with lsm_context") Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Chenyuan Yang <chenyuan0y@gmail.com> 2025-03-13 22:54:41 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-03-23 12:20:33 +0300
commit: 778b09d91baafb13408470c721d034d6515cfa5a (patch)
tree: 32a51abdecacd193fc8345b961c05567f8fb8369
parent: eaaff9b6702e99be5d79135f2afa9fc48a0d59e0 (diff)
download: linux-778b09d91baafb13408470c721d034d6515cfa5a.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 5c913987901a..8b7b39d8a109 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -567,7 +567,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 	enum ip_conntrack_info ctinfo = 0;
 	const struct nfnl_ct_hook *nfnl_ct;
 	bool csum_verify;
-	struct lsm_context ctx;
+	struct lsm_context ctx = { NULL, 0, 0 };
 	int seclen = 0;
 	ktime_t tstamp;
author	Chenyuan Yang <chenyuan0y@gmail.com>	2025-03-13 22:54:41 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-03-23 12:20:33 +0300
commit	778b09d91baafb13408470c721d034d6515cfa5a (patch)
tree	32a51abdecacd193fc8345b961c05567f8fb8369
parent	eaaff9b6702e99be5d79135f2afa9fc48a0d59e0 (diff)
download	linux-778b09d91baafb13408470c721d034d6515cfa5a.tar.xz