On Mon, Jun 03, 2013 at 12:00:49PM +0300, Dan Carpenter wrote: > The entry struct has a 2 byte hole after ->port and another 4 byte > hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your > namespace to hit this information leak. Hi Dan, can I verify that it is actually possible to hit this and thus the patch is a -stable candidate? > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c > index df05c1c..e336535 100644 > --- a/net/netfilter/ipvs/ip_vs_ctl.c > +++ b/net/netfilter/ipvs/ip_vs_ctl.c > @@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, > struct ip_vs_dest *dest; > struct ip_vs_dest_entry entry; > > + memset(&entry, 0, sizeof(entry)); > list_for_each_entry(dest, &svc->destinations, n_list) { > if (count >= get->num_dests) > break; > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html