Skip to content

Commit

Permalink
netfilter: nf_log: fix uninit read in nf_log_proc_dostring
Browse files Browse the repository at this point in the history 
When proc_dostring() is called with a non-zero offset in strict mode, it
doesn't just write to the ->data buffer, it also reads. Make sure it
doesn't read uninitialized data.

Fixes: c6ac37d ("netfilter: nf_log: fix error on write NONE to [...]")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Jann Horn authored and Pablo Neira Ayuso committed Jun 26, 2018
1 parent ad9852a commit dffd22a
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/netfilter/nf_log.c
View file
Original file line number Diff line number Diff line change
@@ -424,6 +424,10 @@ static int nf_log_proc_dostring(struct ctl_table *table, int write,
if (write) {
struct ctl_table tmp = *table;

/* proc_dostring() can append to existing strings, so we need to
* initialize it as an empty string.
*/
buf[0] = '\0';
tmp.data = buf;
r = proc_dostring(&tmp, write, buffer, lenp, ppos);
if (r)

0 comments on commit dffd22a

Please sign in to comment.