Commit 5ef5d6c5 authored by Dan Carpenter's avatar Dan Carpenter Committed by David S. Miller

gre: information leak in ip6_tnl_ioctl()

There is a one byte hole between p->hop_limit and p->flowinfo where
stack memory is leaked to the user.  This was introduced in c12b395a
"gre: Support GRE over IPv6".
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
parent 56892261
......@@ -1312,6 +1312,8 @@ ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
}
ip6_tnl_parm_from_user(&p1, &p);
t = ip6_tnl_locate(net, &p1, 0);
} else {
memset(&p, 0, sizeof(p));
}
if (t == NULL)
t = netdev_priv(dev);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment