counterstmp is not cleared before it is used in get_counters(). it might be leaked partially when it is sent to userland later on. Signed-off-by: Loganaden Velvindron <logan@xxxxxxxxxxxx> --- net/bridge/netfilter/ebtables.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index f46ca41..26922e9 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -989,7 +989,7 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl, the check on the size is done later, when we have the lock */ if (repl->num_counters) { unsigned long size = repl->num_counters * sizeof(*counterstmp); - counterstmp = vmalloc(size); + counterstmp = vzalloc(size); if (!counterstmp) return -ENOMEM; } @@ -1410,7 +1410,7 @@ static int copy_counters_to_user(struct ebt_table *t, return -EINVAL; } - counterstmp = vmalloc(nentries * sizeof(*counterstmp)); + counterstmp = vzalloc(nentries * sizeof(*counterstmp)); if (!counterstmp) return -ENOMEM; -- 2.6.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html