| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1592273581-31338-1-git-send-email-wangxidong_97@163.com>
Date: Mon, 15 Jun 2020 19:13:01 -0700
From: Xidong Wang <wangxidong_97@....com>
To: Xidong Wang <wangxidong_97@....com>,
Pravin B Shelar <pshelar@....org>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
dev@...nvswitch.org, linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] openvswitch: fix infoleak in conntrack
From: xidongwang <wangxidong_97@....com>
The stack object “zone_limit” has 3 members. In function
ovs_ct_limit_get_default_limit(), the member "count" is
not initialized and sent out via “nla_put_nohdr”.
Signed-off-by: xidongwang <wangxidong_97@....com>
---
net/openvswitch/conntrack.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4340f25..1b7820a 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -2020,6 +2020,7 @@ static int ovs_ct_limit_get_default_limit(struct ovs_ct_limit_info *info,
{
struct ovs_zone_limit zone_limit;
int err;
+ memset(&zone_limit, 0, sizeof(zone_limit));
zone_limit.zone_id = OVS_ZONE_LIMIT_DEFAULT_ZONE;
zone_limit.limit = info->default_limit;
--
2.7.4
Powered by blists - more mailing lists