diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2013-06-03 12:00:49 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-06-10 14:53:00 +0200 |
commit | a8241c63517ec0b900695daa9003cddc41c536a1 (patch) | |
tree | 0d33d8f4a0f586d71a641828a558b89ff45efeea | |
parent | 7b8dfe289fdde0066be343a3e0271ad6d7b6dbcf (diff) | |
download | op-kernel-dev-a8241c63517ec0b900695daa9003cddc41c536a1.zip op-kernel-dev-a8241c63517ec0b900695daa9003cddc41c536a1.tar.gz |
ipvs: info leak in __ip_vs_get_dest_entries()
The entry struct has a 2 byte hole after ->port and another 4 byte
hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your
namespace to hit this information leak.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 5b142fb..9e6c2a0 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, struct ip_vs_dest *dest; struct ip_vs_dest_entry entry; + memset(&entry, 0, sizeof(entry)); list_for_each_entry(dest, &svc->destinations, n_list) { if (count >= get->num_dests) break; |