| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240815082733.272087-1-icejl0001@gmail.com> Date: Thu, 15 Aug 2024 16:27:33 +0800 From: icejl <icejl0001@...il.com> To: pablo@...filter.org, kadlec@...filter.org, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com Cc: netfilter-devel@...r.kernel.org, coreteam@...filter.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, icejl <icejl0001@...il.com> Subject: [PATCH] netfilter: nfnetlink: fix uninitialized local variable In the nfnetlink_rcv_batch function, an uninitialized local variable extack is used, which results in using random stack data as a pointer. This pointer is then used to access the data it points to and return it as the request status, leading to an information leak. If the stack data happens to be an invalid pointer, it can cause a pointer access exception, triggering a kernel crash. Signed-off-by: icejl <icejl0001@...il.com> --- net/netfilter/nfnetlink.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 4abf660c7baf..b29b281f4b2c 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -427,6 +427,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, nfnl_unlock(subsys_id); + memset(&extack, 0, sizeof(extack)); if (nlh->nlmsg_flags & NLM_F_ACK) nfnl_err_add(&err_list, nlh, 0, &extack); -- 2.34.1
Powered by blists - more mailing lists