Skip to content

Commit

Permalink
[NETFILTER]: Fix small information leak in SO_ORIGINAL_DST (CVE-2006-…
Browse files Browse the repository at this point in the history 
…1343)

It appears that sockaddr_in.sin_zero is not zeroed during
getsockopt(...SO_ORIGINAL_DST...) operation. This can lead
to an information leak (CVE-2006-1343).

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Marcel Holtmann authored and David S. Miller committed May 29, 2006
1 parent d9ec5ad commit 6c813c3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions net/ipv4/netfilter/ip_conntrack_core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1318,6 +1318,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
.tuple.dst.u.tcp.port;
sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.ip;
memset(sin.sin_zero, 0, sizeof(sin.sin_zero));

DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
Expand Down
1 change: 1 addition & 0 deletions net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -348,6 +348,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
.tuple.dst.u.tcp.port;
sin.sin_addr.s_addr = ct->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.u3.ip;
memset(sin.sin_zero, 0, sizeof(sin.sin_zero));

DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
Expand Down

0 comments on commit 6c813c3

Please sign in to comment.