diff options
| author | Vasiliy Kulikov <segooon@gmail.com> | 2010-11-03 03:44:12 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-11-03 03:44:12 -0400 |
| commit | 1a8b7a67224eb0c9dbd883b9bfc4938278bad370 (patch) | |
| tree | 31697d77831109c760001a8a78053dab0fb74ac5 /net/ipv4 | |
| parent | d817d29d0b37290d90b3a9e2a61162f1dbf2be4f (diff) | |
ipv4: netfilter: arp_tables: fix information leak to userland
Structure arpt_getinfo is copied to userland with the field "name"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 3cad2591ace0..3fac340a28d5 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -927,6 +927,7 @@ static int get_info(struct net *net, void __user *user, | |||
| 927 | private = &tmp; | 927 | private = &tmp; |
| 928 | } | 928 | } |
| 929 | #endif | 929 | #endif |
| 930 | memset(&info, 0, sizeof(info)); | ||
| 930 | info.valid_hooks = t->valid_hooks; | 931 | info.valid_hooks = t->valid_hooks; |
| 931 | memcpy(info.hook_entry, private->hook_entry, | 932 | memcpy(info.hook_entry, private->hook_entry, |
| 932 | sizeof(info.hook_entry)); | 933 | sizeof(info.hook_entry)); |