]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f426793) | patch
bridge: netfilter: fix information leak
authorVasiliy Kulikov <segoon@openwall.com>
Mon, 14 Feb 2011 15:49:23 +0000 (16:49 +0100)
committerPatrick McHardy <kaber@trash.net>
Mon, 14 Feb 2011 15:49:23 +0000 (16:49 +0100)
commit5c03b19997c8d2b94f628d39d08c72c7e263e1f8
tree67515bc845a399c77df22dd859cabdb17dcd70fftree | snapshot
parentf426793f41ccd1ee3c24e16070edd136aafa5b1fcommit | diff
bridge: netfilter: fix information leak

Struct tmp is copied from userspace.  It is not checked whether the "name"
field is NULL terminated.  This may lead to buffer overflow and passing
contents of kernel stack as a module name to try_then_request_module() and,
consequently, to modprobe commandline.  It would be seen by all userspace
processes.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/bridge/netfilter/ebtables.c diff | blob | history
Linux Kernel Source Tree.