ipt_ulog_packet() did not properly blank the char[] members indev_name, outdev_name, prefix and mac of struct ulog_packet_msg. This leaks uninitialized kernel memory to user space in the form of netlink NFLOG broadcasts. This change clears the whole structure initially to avoid this. Signed-off-by: Mark Leander <mark.leander@xxxxxxxxxxxxxxx> --- net/ipv4/netfilter/ipt_ULOG.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index 446e0f4..07b36b0 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c @@ -204,6 +204,7 @@ static void ipt_ulog_packet(unsigned int hooknum, ub->qlen++; pm = NLMSG_DATA(nlh); + memset(pm, 0, sizeof(*pm)); /* We might not have a timestamp, get one */ if (skb->tstamp.tv64 == 0) -- 1.7.0.4
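Review bot: the added memset(pm, 0, sizeof(*pm)) after pm = NLMSG_DATA(nlh) zeroes only the fixed-size struct ulog_packet_msg, so please confirm that any bytes following the struct in the same netlink message (copied payload and alignment padding up to the message length) are always fully written before the broadcast; otherwise the same kind of leak would remain in the tail. A one-line comment above the memset stating that it keeps unwritten indev_name, outdev_name, prefix and mac bytes from reaching user space would also stop a later cleanup from dropping it as a redundant initialization.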