Re: [PATCH 1/3] netfilter: Fix copy_to_user too small size parametre.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 01, 2012 at 02:06:37PM +0100, Pablo Neira Ayuso wrote:
> > Where do we clear "m"? 
> > 
> > include/linux/netfilter/x_tables.h
> >    287  struct xt_match {
> >    288          struct list_head list;
> >    289  
> >    290          const char name[XT_EXTENSION_MAXNAMELEN];
> >    291          u_int8_t revision;
> >    292  
> > 
> > There is a 2 byte holes here between "revision" and "match()".  We
> > copy three bytes past the end of name, so we include revision and
> > the hole.
> > 
> > But maybe we memset it somewhere?  I'm not sure.
> 
> xt_match instances are declared as static for each module so it's
> allocated in the BSS (already zeroed), is that what you mean?
> 

Yeah.  I didn't know how that worked.  Thanks.

regards,
dan carpenter

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux