http://bugzilla.suse.com/show_bug.cgi?id=1106751 http://bugzilla.suse.com/show_bug.cgi?id=1106751#c6 --- Comment #6 from Fabian Vogt <fvogt@suse.com> --- (In reply to Kristyna Streitova from comment #5)
(In reply to Fabian Vogt from comment #1)
@kstreitova: This was actually handled wrongly in iptables itself, a missing memset(&info, 0, sizeof(info)); in libiptc.c caused it to read garbage. It would be nice to have that fixed as well, even if it's ultimately a kernel bug.
Could you be a little bit more specific, please? Or even better, can you provide a patch if you've already identified where the problem lies? Thanks!
Sure: diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index a6e70571..8c03ab42 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1303,6 +1303,7 @@ TC_INIT(const char *tablename) { struct xtc_handle *h; STRUCT_GETINFO info; + memset(&info, 0, sizeof(info)); unsigned int tmp; socklen_t s; int sockfd; Without this, iptables -L reads garbage from the struct as the kernel never filled it in the bugged case, leading to weird issues like mmapping a few TiB of memory. -- You are receiving this mail because: You are on the CC list for the bug.