projects
/
openwrt
/
staging
/
blogic.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
5689226
)
gre: information leak in ip6_tnl_ioctl()
author
Dan Carpenter
<dan.carpenter@oracle.com>
Thu, 16 Aug 2012 03:14:04 +0000
(
03:14
+0000)
committer
David S. Miller
<davem@davemloft.net>
Mon, 20 Aug 2012 09:21:30 +0000
(
02:21
-0700)
There is a one byte hole between p->hop_limit and p->flowinfo where
stack memory is leaked to the user. This was introduced in
c12b395a46
"gre: Support GRE over IPv6".
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
net/ipv6/ip6_tunnel.c
patch
|
blob
|
history
diff --git
a/net/ipv6/ip6_tunnel.c
b/net/ipv6/ip6_tunnel.c
index 33d2a0e6712de084077727298d9e2353f39eb9c0..cb7e2ded6f08cce17f8fb11a7e7e119e8564d661 100644
(file)
--- a/
net/ipv6/ip6_tunnel.c
+++ b/
net/ipv6/ip6_tunnel.c
@@
-1312,6
+1312,8
@@
ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
}
ip6_tnl_parm_from_user(&p1, &p);
t = ip6_tnl_locate(net, &p1, 0);
+ } else {
+ memset(&p, 0, sizeof(p));
}
if (t == NULL)
t = netdev_priv(dev);