Patchwork [3.5.y.z,extended,stable] Patch "ipvs: info leak in __ip_vs_get_dest_entries()" has been added to staging queue

mail settings
Submitter Luis Henriques
Date July 5, 2013, 11:02 a.m.
Message ID <>
Download mbox | patch
Permalink /patch/257151/
State New
Headers show


Luis Henriques - July 5, 2013, 11:02 a.m.
This is a note to let you know that I have just added a patch titled

    ipvs: info leak in __ip_vs_get_dest_entries()

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



From 99ace42a26369052a8cca7dd681565627c67a90d Mon Sep 17 00:00:00 2001
From: Dan Carpenter <>
Date: Mon, 3 Jun 2013 12:00:49 +0300
Subject: [PATCH] ipvs: info leak in __ip_vs_get_dest_entries()

commit a8241c63517ec0b900695daa9003cddc41c536a1 upstream.

The entry struct has a 2 byte hole after ->port and another 4 byte
hole after ->stats.outpkts.  You must have CAP_NET_ADMIN in your
namespace to hit this information leak.

Signed-off-by: Dan Carpenter <>
Acked-by: Julian Anastasov <>
Signed-off-by: Simon Horman <>
Signed-off-by: Pablo Neira Ayuso <>
Signed-off-by: Luis Henriques <>
 net/netfilter/ipvs/ip_vs_ctl.c | 1 +
 1 file changed, 1 insertion(+)



diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 72bf32a..526da6e 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2549,6 +2549,7 @@  __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
 		struct ip_vs_dest *dest;
 		struct ip_vs_dest_entry entry;

+		memset(&entry, 0, sizeof(entry));
 		list_for_each_entry(dest, &svc->destinations, n_list) {
 			if (count >= get->num_dests)