On Wednesday 2010-11-03 23:12, kaber@xxxxxxxxx wrote: >From: Vasiliy Kulikov <segooon@xxxxxxxxx> > >Structure ipt_getinfo is copied to userland with the field "name" >that has the last elements unitialized. It leads to leaking of >contents of kernel stack memory. > >Signed-off-by: Vasiliy Kulikov <segooon@xxxxxxxxx> >Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> >--- > net/ipv4/netfilter/ip_tables.c | 1 + But then we would also need this: --------8<------------- parent 93aa45607748d2ffa73f41a435dced6a2fd90cb5 (v2.6.36-rc3-1020-g93aa456) commit 8aff3f67fa47f7d3211aea8bbef999554d6f65e5 Author: Jan Engelhardt <jengelh@xxxxxxxxxx> Date: Wed Nov 3 23:55:18 2010 +0100 netfilter: ip6_tables: fix information leak to userspace Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> --- net/ipv6/netfilter/ip6_tables.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index c683e9e..d13f893 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1137,6 +1137,7 @@ static int get_info(struct net *net, void __user *user, private = &tmp; } #endif + memset(&info, 0, sizeof(info)); info.valid_hooks = t->valid_hooks; memcpy(info.hook_entry, private->hook_entry, sizeof(info.hook_entry)); -- # Created with git-export-patch -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
