ipvs: info leak in __ip_vs_get_dest_entries()
The entry struct has a 2 byte hole after ->port and another 4 byte hole after ->stats.outpkts. You must have CAP_NET_ADMIN in your namespace to hit this information leak. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Родитель
7b8dfe289f
Коммит
a8241c6351
|
@ -2542,6 +2542,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
|
|||
struct ip_vs_dest *dest;
|
||||
struct ip_vs_dest_entry entry;
|
||||
|
||||
memset(&entry, 0, sizeof(entry));
|
||||
list_for_each_entry(dest, &svc->destinations, n_list) {
|
||||
if (count >= get->num_dests)
|
||||
break;
|
||||
|
|
Загрузка…
Ссылка в новой задаче