netfilter: nft_compat: do not dump private area - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-10-09 21:06:36 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-10-11 12:29:53 +0300
commit	d701d8117200399d85e63a737d2e4e897932f3b6 (patch)
tree	7a3d7c8160dda988d6c0f2b52f9cd6ca576dd15b /net/unix/af_unix.c
parent	18c0ab87364ac5128a152055fdcb1d27e01caf01 (diff)
download	linux-d701d8117200399d85e63a737d2e4e897932f3b6.tar.xz

netfilter: nft_compat: do not dump private area

Zero pad private area, otherwise we expose private kernel pointer to userspace. This patch also zeroes the tail area after the ->matchsize and ->targetsize that results from XT_ALIGN(). Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables") Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: