diff options
author | Vasiliy Kulikov <segooon@gmail.com> | 2010-11-03 03:45:06 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-11-03 03:45:06 -0400 |
commit | b5f15ac4f89f84853544c934fc7a744289e95e34 (patch) | |
tree | 35f89a706003f9e9343bd63fc5d560cf33a579a7 | |
parent | 1a8b7a67224eb0c9dbd883b9bfc4938278bad370 (diff) |
ipv4: netfilter: ip_tables: fix information leak to userland
Structure ipt_getinfo is copied to userland with the field "name"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index d31b007a6d80..a846d633b3b6 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -1124,6 +1124,7 @@ static int get_info(struct net *net, void __user *user, | |||
1124 | private = &tmp; | 1124 | private = &tmp; |
1125 | } | 1125 | } |
1126 | #endif | 1126 | #endif |
1127 | memset(&info, 0, sizeof(info)); | ||
1127 | info.valid_hooks = t->valid_hooks; | 1128 | info.valid_hooks = t->valid_hooks; |
1128 | memcpy(info.hook_entry, private->hook_entry, | 1129 | memcpy(info.hook_entry, private->hook_entry, |
1129 | sizeof(info.hook_entry)); | 1130 | sizeof(info.hook_entry)); |