From 460e74ec972698878576937a1bce5b54b983f656 Mon Sep 17 00:00:00 2001
From: Ivan Pavlov
Date: Sun, 23 Feb 2025 22:43:04 +0300
Subject: [PATCH] firewall3: set xtables.options to NULL before first extension is loaded
Due to fix for memleak in option merging in new version, set xtables.options to NULL before first extension is loaded as in main iptables tree [1]
[1] https://git.netfilter.org/iptables/commit/?id=933e605154c439218f73f48b028abbeed336c3c5
Signed-off-by: Ivan Pavlov
---
 iptables.c | 6 +++---
 xtables-10.h | 18 ++++++++++--------
 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/iptables.c b/iptables.c
index d03d1dd..3dc5283 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1694,7 +1694,7 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 va_end(ap);
 g = (r->h->family == FW3_FAMILY_V6) ? &xtg6 : &xtg;
- g->opts = g->orig_opts;
+ //g->opts = g->orig_opts;
 optind = 0;
 opterr = 0;
@@ -1709,8 +1709,8 @@ __fw3_ipt_rule_append(struct fw3_ipt_rule *r, bool repl, const char *fmt, ...)
 set_rule_tag(r);
- while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:", g->opts,
- NULL)) != -1)
+ while ((optc = getopt_long(r->argc, r->argv, "-:m:j:i:o:s:d:",
+ g->opts ?: g->orig_opts, NULL)) != -1)
 {
 switch (optc)
 {
diff --git a/xtables-10.h b/xtables-10.h
index 6a2275d..8c3e6c8 100644
--- a/xtables-10.h
+++ b/xtables-10.h
@@ -70,14 +70,14 @@ fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
 {
 if (m->x6_options)
 g->opts = xtables_options_xfrm(g->orig_opts, g->opts,
- m->x6_options, &m->option_offset);
-
- if (m->extra_opts)
+ m->x6_options, &m->option_offset);
+ else if (m->extra_opts)
 g->opts = xtables_merge_options(g->orig_opts, g->opts,
- m->extra_opts, &m->option_offset);
+ m->extra_opts, &m->option_offset);
+ else
+ return;
 }
-
 static inline const char *
 fw3_xt_get_target_name(struct xtables_target *t)
 {
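Review bot: In iptables.c, the -1694 hunk of `__fw3_ipt_rule_append` stops resetting `g->opts` at the start of each call, so whatever pointer the previous rule left there is now reused. The cleanup path is outside this hunk, so please confirm it leaves `g->opts` NULL (or pointing at a still-valid table) after the merged options are freed; otherwise the next call would pass a stale pointer to the merge helpers. The disabled line should be deleted rather than left commented out, and replaced by a comment that says why, e.g. `/* g->opts stays NULL until an extension merges its options; getopt_long() below falls back to g->orig_opts */`. The function body starts and ends outside the hunk.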
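Review bot: In the -1709 hunk of iptables.c, `g->opts ?: g->orig_opts` uses the GNU conditional with an omitted middle operand, which is not ISO C and draws a warning under `-Wpedantic`; the portable spelling is `g->opts ? g->opts : g->orig_opts`. A short comment on the fallback would also help, since a NULL `g->opts` now carries the meaning "no extension options merged yet". The loop body continues outside the hunk.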
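Review bot: In xtables-10.h, `fw3_xt_merge_match_options` stores the helper's return value straight into `g->opts` without checking it. As far as I know, both `xtables_options_xfrm()` and `xtables_merge_options()` can return NULL when allocation fails, and with the new `g->opts ?: g->orig_opts` fallback in iptables.c a NULL here is indistinguishable from "nothing merged", so the extension's options would presumably be parsed against the base table with no error raised. Assign to a local first and publish it only on success, `struct option *opts = xtables_merge_options(g->orig_opts, g->opts, m->extra_opts, &m->option_offset);` followed by `if (opts) g->opts = opts;`, and report the failure otherwise. The same applies to `fw3_xt_merge_target_options` in the -115 hunk.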
@@ -115,10 +115,12 @@ fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
 {
 if (t->x6_options)
 g->opts = xtables_options_xfrm(g->orig_opts, g->opts,
- t->x6_options, &t->option_offset);
- else
+ t->x6_options, &t->option_offset);
+ else if (t->extra_opts)
 g->opts = xtables_merge_options(g->orig_opts, g->opts,
- t->extra_opts, &t->option_offset);
+ t->extra_opts, &t->option_offset);
+ else
+ return;
 }
 static inline void
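Review bot: The trailing `else return;` in `fw3_xt_merge_target_options` (and the identical pair of lines in `fw3_xt_merge_match_options`) does nothing, because the function is void and ends right after the chain. Dropping both lines leaves `if (t->x6_options) ... else if (t->extra_opts) ...`, which behaves the same. A one-line comment above the chain, such as `/* x6_options takes precedence; extra_opts is only merged when x6_options is absent */`, would document the behaviour change for matches, where both tables could previously be merged in one call.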