http://bugzilla.suse.com/show_bug.cgi?id=1106751 http://bugzilla.suse.com/show_bug.cgi?id=1106751#c17 --- Comment #17 from Kristyna Streitova <kstreitova@suse.com> --- (In reply to Fabian Vogt from comment #6)
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index a6e70571..8c03ab42 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1303,6 +1303,7 @@ TC_INIT(const char *tablename) { struct xtc_handle *h; STRUCT_GETINFO info; + memset(&info, 0, sizeof(info)); unsigned int tmp; socklen_t s; int sockfd;
Without this, iptables -L reads garbage from the struct as the kernel never filled it in the bugged case, leading to weird issues like mmapping a few TiB of memory.
Thanks! I've submitted this patch to openSUSE:Factory via sr#691502. It was also reported upstream: https://bugzilla.netfilter.org/show_bug.cgi?id=1331 -- You are receiving this mail because: You are on the CC list for the bug.