On Thu, May 17, 2018 at 10:44:42AM +0200, Greg Kroah-Hartman wrote: > When allocating a xt_table_info structure, we should be clearing out the > full amount of memory that was allocated, not just the "header" of the > structure. Otherwise odd values could be passed to userspace, which is > not a good thing. > > Cc: stable <stable@xxxxxxxxxxxxxxx> > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > --- > net/netfilter/x_tables.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c > index cb7cb300c3bc..a300e8252bb6 100644 > --- a/net/netfilter/x_tables.c > +++ b/net/netfilter/x_tables.c > @@ -1187,7 +1187,7 @@ struct xt_table_info *xt_alloc_table_info(unsigned int size) > if (!info) > return NULL; > > - memset(info, 0, sizeof(*info)); > + memset(info, 0, sz); > info->size = size; > return info; > } > -- > 2.17.0 >

Or we can replace kvmalloc() by kvzalloc() and remove the memset().

Michal Kubecek
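
Review bot: In the added line `memset(info, 0, sz);`, `sz` is neither declared nor assigned anywhere in the visible context, so the hunk alone does not show that it equals the full allocation (the header plus the `size` argument) that the commit message says must be cleared; please confirm that against the allocation call above the hunk. As the reply suggests, switching the allocation to kvzalloc() and dropping the memset() would tie the zeroing to the allocation itself, so the cleared length can no longer differ from the allocated length. The commit message would also be stronger if it named the code path that copies the uncleared bytes to userspace, and a Fixes: tag would help the stable backport requested via Cc: stable.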