diff options
| author | Dan Carpenter <dan.carpenter@oracle.com> | 2013-06-03 05:00:49 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-06-10 08:53:00 -0400 |
| commit | a8241c63517ec0b900695daa9003cddc41c536a1 (patch) | |
| tree | 0d33d8f4a0f586d71a641828a558b89ff45efeea /net | |
| parent | 7b8dfe289fdde0066be343a3e0271ad6d7b6dbcf (diff) | |
ipvs: info leak in __ip_vs_get_dest_entries()
The entry struct has a 2 byte hole after ->port and another 4 byte
hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your
namespace to hit this information leak.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 5b142fb16480..9e6c2a075a4c 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, | |||
| 2542 | struct ip_vs_dest *dest; | 2542 | struct ip_vs_dest *dest; |
| 2543 | struct ip_vs_dest_entry entry; | 2543 | struct ip_vs_dest_entry entry; |
| 2544 | 2544 | ||
| 2545 | memset(&entry, 0, sizeof(entry)); | ||
| 2545 | list_for_each_entry(dest, &svc->destinations, n_list) { | 2546 | list_for_each_entry(dest, &svc->destinations, n_list) { |
| 2546 | if (count >= get->num_dests) | 2547 | if (count >= get->num_dests) |
| 2547 | break; | 2548 | break; |