projects / linux-flexiantxendom0-natty.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d7d07bf) | patch
bridge: netfilter: fix information leak
authorVasiliy Kulikov <segoon@openwall.com>
Mon, 14 Feb 2011 15:49:23 +0000 (16:49 +0100)
committerBrad Figg <brad.figg@canonical.com>
Wed, 27 Apr 2011 18:41:14 +0000 (11:41 -0700)
commit9e8394f12409fd92ba4206945372b660f7323af4
tree16ecb8016a0d5965184237f16421f55cc8ea8192tree | snapshot
parentd7d07bff70c0034785594e2a4cbb3ce354aa9c42commit | diff
bridge: netfilter: fix information leak

BugLink: http://bugs.launchpad.net/bugs/761134

commit d846f71195d57b0bbb143382647c2c6638b04c5a upstream.

Struct tmp is copied from userspace.  It is not checked whether the "name"
field is NULL terminated.  This may lead to buffer overflow and passing
contents of kernel stack as a module name to try_then_request_module() and,
consequently, to modprobe commandline.  It would be seen by all userspace
processes.

Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
net/bridge/netfilter/ebtables.c diff | blob | history
Port of xen3.3 xenlinux code to Ubuntu Natty kernel