From effbcf38424fe163d04f1f4339e7fd3455066557 Mon Sep 17 00:00:00 2001
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Tue, 18 Sep 2012 09:15:32 +0000
Subject: [PATCH] Fix DIOCNATLOOK: zero key padding before performing lookup.

---
 sys/netpfil/pf/pf_ioctl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index 032f05127715..d2d580da2d73 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -1808,6 +1808,7 @@ DIOCGETSTATES_full:
 		    (!pnl->dport || !pnl->sport)))
 			error = EINVAL;
 		else {
+			bzero(&key, sizeof(key));
 			key.af = pnl->af;
 			key.proto = pnl->proto;
 			PF_ACPY(&key.addr[sidx], &pnl->saddr, pnl->af);