Comment # 6 on bug 1106751 from
(In reply to Kristyna Streitova from comment #5)
> (In reply to Fabian Vogt from comment #1)
> > @kstreitova: This was actually handled wrongly in iptables itself, a missing
> > memset(&info, 0, sizeof(info)); in libiptc.c caused it to read garbage. It
> > would be nice
> > to have that fixed as well, even if it's ultimately a kernel bug.
> 
> Could you be a little bit more specific, please? Or even better, can you
> provide a patch if you've already identified where the problem lies? Thanks!

Sure:

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index a6e70571..8c03ab42 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1303,6 +1303,7 @@ TC_INIT(const char *tablename)
 {
        struct xtc_handle *h;
        STRUCT_GETINFO info;
+       memset(&info, 0, sizeof(info));
        unsigned int tmp;
        socklen_t s;
        int sockfd;
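Review bot: The added `memset(&info, 0, sizeof(info));` sits between the declarations `STRUCT_GETINFO info;` and `unsigned int tmp;`, so it is a statement before later declarations; libiptc keeps declarations at the top of the block and builds with warnings such as `-Wdeclaration-after-statement` under some toolchains, so move the call after `int sockfd;` or zero the struct at its declaration with `STRUCT_GETINFO info = {0};`. Either form gives the same effect described below (no garbage read when the kernel leaves the struct unfilled), while matching the surrounding style. Since the zeroing only masks the read of an unfilled struct, the TC_INIT caller that fetches the info should still check the getsockopt result and fail instead of continuing with a zeroed struct; that check is outside this hunk and worth confirming.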


Without this, iptables -L reads garbage from the struct as the kernel never
filled it in the bugged case, leading to weird issues like mmapping a few TiB
of memory.
