ipvs: info leak in __ip_vs_get_dest_entries()

The entry struct has a 2 byte hole after ->port and another 4 byte hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your namespace to hit this information leak. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Acked-by: N Julian Anastasov <ja@ssi.bg> Signed-off-by: N Simon Horman <horms@verge.net.au> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

ipvs: info leak in __ip_vs_get_dest_entries()
The entry struct has a 2 byte hole after ->port and another 4 byte hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your namespace to hit this information leak. Signed-off-by: N Dan Carpenter <dan.carpenter@oracle.com> Acked-by: N Julian Anastasov <ja@ssi.bg> Signed-off-by: N Simon Horman <horms@verge.net.au> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
a8241c63 · Dan Carpenter · Pablo Neira Ayuso · 7b8dfe28 · a8241c63
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

net/netfilter/ipvs/ip_vs_ctl.c net/netfilter/ipvs/ip_vs_ctl.c +1 -0

未找到文件。
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
 		struct ip_vs_dest *dest;
 		struct ip_vs_dest_entry entry;

+		memset(&entry, 0, sizeof(entry));
 		list_for_each_entry(dest, &svc->destinations, n_list) {
 			if (count >= get->num_dests)
 				break;