summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2013-06-03 12:00:49 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2013-06-10 14:53:00 +0200
commita8241c63517ec0b900695daa9003cddc41c536a1 (patch)
tree0d33d8f4a0f586d71a641828a558b89ff45efeea
parent7b8dfe289fdde0066be343a3e0271ad6d7b6dbcf (diff)
downloadop-kernel-dev-a8241c63517ec0b900695daa9003cddc41c536a1.zip
op-kernel-dev-a8241c63517ec0b900695daa9003cddc41c536a1.tar.gz
ipvs: info leak in __ip_vs_get_dest_entries()
The entry struct has a 2 byte hole after ->port and another 4 byte hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your namespace to hit this information leak. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 5b142fb..9e6c2a0 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
struct ip_vs_dest *dest;
struct ip_vs_dest_entry entry;
+ memset(&entry, 0, sizeof(entry));
list_for_each_entry(dest, &svc->destinations, n_list) {
if (count >= get->num_dests)
break;
OpenPOWER on IntegriCloud