aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVasiliy Kulikov <segooon@gmail.com>2010-11-03 03:45:06 -0400
committerPatrick McHardy <kaber@trash.net>2010-11-03 03:45:06 -0400
commitb5f15ac4f89f84853544c934fc7a744289e95e34 (patch)
tree35f89a706003f9e9343bd63fc5d560cf33a579a7
parent1a8b7a67224eb0c9dbd883b9bfc4938278bad370 (diff)
ipv4: netfilter: ip_tables: fix information leak to userland
Structure ipt_getinfo is copied to userland with the field "name" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--net/ipv4/netfilter/ip_tables.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d31b007a6d80..a846d633b3b6 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1124,6 +1124,7 @@ static int get_info(struct net *net, void __user *user,
1124 private = &tmp; 1124 private = &tmp;
1125 } 1125 }
1126#endif 1126#endif
1127 memset(&info, 0, sizeof(info));
1127 info.valid_hooks = t->valid_hooks; 1128 info.valid_hooks = t->valid_hooks;
1128 memcpy(info.hook_entry, private->hook_entry, 1129 memcpy(info.hook_entry, private->hook_entry,
1129 sizeof(info.hook_entry)); 1130 sizeof(info.hook_entry));