gre: information leak in ip6_tnl_ioctl()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 16 Aug 2012 03:14:04 +0000 (03:14 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 20 Aug 2012 09:21:30 +0000 (02:21 -0700)
commit5ef5d6c569f80cf716d75fa88e9b5ee72f0986b2
treed8d85f656645a41afa15ff5ac11cf4e5eddf841f
parent56892261ed1a854db5363df8bb3fbdb2c6c28d4c
gre: information leak in ip6_tnl_ioctl()

There is a one byte hole between p->hop_limit and p->flowinfo where
stack memory is leaked to the user.  This was introduced in c12b395a46
"gre: Support GRE over IPv6".

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
net/ipv6/ip6_tunnel.c