diff options
author | Vasiliy Kulikov <segooon@gmail.com> | 2010-11-03 08:44:12 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-11-03 08:44:12 +0100 |
commit | 1a8b7a67224eb0c9dbd883b9bfc4938278bad370 (patch) | |
tree | 31697d77831109c760001a8a78053dab0fb74ac5 /net | |
parent | d817d29d0b37290d90b3a9e2a61162f1dbf2be4f (diff) | |
download | op-kernel-dev-1a8b7a67224eb0c9dbd883b9bfc4938278bad370.zip op-kernel-dev-1a8b7a67224eb0c9dbd883b9bfc4938278bad370.tar.gz |
ipv4: netfilter: arp_tables: fix information leak to userland
Structure arpt_getinfo is copied to userland with the field "name"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 3cad259..3fac340 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -927,6 +927,7 @@ static int get_info(struct net *net, void __user *user, private = &tmp; } #endif + memset(&info, 0, sizeof(info)); info.valid_hooks = t->valid_hooks; memcpy(info.hook_entry, private->hook_entry, sizeof(info.hook_entry)); |