mirror of https://github.com/torvalds/linux.git
4f36ea6eed
If nf_log uses ipt_ULOG as logging output, we can deliver non-null terminated strings to user-space since the maximum length of the prefix that is passed by nf_log is NF_LOG_PREFIXLEN but pm->prefix is 32 bytes long (ULOG_PREFIX_LEN). This is actually happening already from nf_conntrack_tcp if ipt_ULOG is used, since it is passing strings longer than 32 bytes. Signed-off-by: Chen Gang <gang.chen@asianux.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| arp_tables.c | ||
| arpt_mangle.c | ||
| arptable_filter.c | ||
| ip_tables.c | ||
| ipt_CLUSTERIP.c | ||
| ipt_ECN.c | ||
| ipt_MASQUERADE.c | ||
| ipt_REJECT.c | ||
| ipt_ULOG.c | ||
| ipt_ah.c | ||
| ipt_rpfilter.c | ||
| iptable_filter.c | ||
| iptable_mangle.c | ||
| iptable_nat.c | ||
| iptable_raw.c | ||
| iptable_security.c | ||
| nf_conntrack_l3proto_ipv4.c | ||
| nf_conntrack_l3proto_ipv4_compat.c | ||
| nf_conntrack_proto_icmp.c | ||
| nf_defrag_ipv4.c | ||
| nf_nat_h323.c | ||
| nf_nat_l3proto_ipv4.c | ||
| nf_nat_pptp.c | ||
| nf_nat_proto_gre.c | ||
| nf_nat_proto_icmp.c | ||
| nf_nat_snmp_basic.c | ||