Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2112082ybt;
        Mon, 15 Jun 2020 19:15:44 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx6ww2coh70Q44gliGaDTVMU65jmRE0D6udN4Vq34KTNrfXHJYTyKABfdUbNWHmPUTL649R
X-Received: by 2002:a50:9b14:: with SMTP id o20mr583270edi.371.1592273744626;
        Mon, 15 Jun 2020 19:15:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1592273744; cv=none;
        d=google.com; s=arc-20160816;
        b=Iw6RaBSdJb6wkq9I03OBQkkzsitfKU3Eb8r55Vl0LWBaAmoD3uvkA/GTDHbKuj0twa
         sQJICBU+lsvCU7eNJHRSliIBagi5hXwbuGuWMRUeZaYtkNy7IblrBb3A9Sz2BeEnWiJn
         0iIclsUzB0f1gpQAMUigF2Tc4h3gYbKQZzo5TqT2gaE6WE/OFb/O9UVsRb6Cb2wY6hzF
         Lz9ZZJagFNQDMlqnSvACvukD/9hO2TEWc7FqX6oOmV6Dt0a6CDpfA8unxA0/83pCtsJw
         G28F1Lw/UxAU6IXSr3sk5aDWm0rZ9YBZ3Z+zaaO/M3UY8owL+A6BXGwl7Tj/YvgrSVJ/
         X2cg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:to:from:dkim-signature;
        bh=s4XBVyv9DADyKucbpsy8uo0V7CPIYGBYSyMQ4h1ImtI=;
        b=U1ss3s9bg2QlV3d70gteIc7JhbWUOC+upL5f1KxzE1PcLCNdQVQ6BYsxGKNgoCu59M
         LeNDoSr07BgGyJhJkzVoSOpnuEIDUsSYI1wDfk7IhtHg1B1kl+oAy4c78jP0/TroF5EP
         WQj5dd63V2j7OcoU+2mLSkWrExdZ1P/2BJB/VKMr2G46ML38fJNJlMY6BTKlsmHQXEQc
         IcVTcl3LhE9inwecdQErqIiD4XgvD8GrOxp8Mf8oP4i/SLFE/ZKbRbeDU2uTi6Fup7ks
         TCw6TJspkh3Nn3oDfTk77E894c2F7ylO3FrvtuW7GaAtFV6kECTK6JJopM6CxslLIW7H
         sWNA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=Z5b+s9+K;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id n4si10396929ejz.569.2020.06.15.19.15.21;
        Mon, 15 Jun 2020 19:15:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=Z5b+s9+K;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726306AbgFPCNY (ORCPT <rfc822;wxiaokuan@gmail.com> + 99 others);
        Mon, 15 Jun 2020 22:13:24 -0400
Received: from mail-m971.mail.163.com ([123.126.97.1]:36370 "EHLO
        mail-m971.mail.163.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725978AbgFPCNX (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 15 Jun 2020 22:13:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
        s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=s4XBV
        yv9DADyKucbpsy8uo0V7CPIYGBYSyMQ4h1ImtI=; b=Z5b+s9+K+TNo75YbRnwN/
        19Lq+RWejaVHbnUHrm3uUpLV4tvv2O5s9dy7uQhFmEUGij3BTS5ZWfDgnYNGYX7c
        gde/ZWcM2bXwmc0XQb+GESuL81Ypl8NaL/RHJDhUTS0c8Qu8z3/8ekFY1jzs/+Gd
        B/RBybhqWoxap3V/LiXR9U=
Received: from ubuntu.localdomain (unknown [42.238.20.186])
        by smtp1 (Coremail) with SMTP id GdxpCgAHbSuvKuheUlW4DA--.473S3;
        Tue, 16 Jun 2020 10:13:06 +0800 (CST)
From:   Xidong Wang <wangxidong_97@163.com>
To:     Xidong Wang <wangxidong_97@163.com>,
        Pravin B Shelar <pshelar@ovn.org>,
        "David S . Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>, netdev@vger.kernel.org,
        dev@openvswitch.org, linux-kernel@vger.kernel.org
Subject: [PATCH 1/1] openvswitch: fix infoleak in conntrack
Date:   Mon, 15 Jun 2020 19:13:01 -0700
Message-Id: <1592273581-31338-1-git-send-email-wangxidong_97@163.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-CM-TRANSID: GdxpCgAHbSuvKuheUlW4DA--.473S3
X-Coremail-Antispam: 1Uf129KBjvdXoW7XFyxtr45Zr1DJw48Zr45GFg_yoWfJFX_KF
        Z5Jw1kur15AFs5Kw4jqF4xAr1kJ34xZFZ3Xr17Zay7Gw10qwn3WF18Wa97uFy8uF1YvFW7
        Z3sIvwsrCa4akjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUULiStUUUUU==
X-Originating-IP: [42.238.20.186]
X-CM-SenderInfo: pzdqw5xlgr0wrbzxqiywtou0bp/1tbizQJF81c7KrzyxQAAs0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: xidongwang <wangxidong_97@163.com>

The stack object “zone_limit” has 3 members. In function
ovs_ct_limit_get_default_limit(), the member "count" is
not initialized and sent out via “nla_put_nohdr”.

Signed-off-by: xidongwang <wangxidong_97@163.com>
---
 net/openvswitch/conntrack.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4340f25..1b7820a 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -2020,6 +2020,7 @@ static int ovs_ct_limit_get_default_limit(struct ovs_ct_limit_info *info,
 {
 	struct ovs_zone_limit zone_limit;
 	int err;
+	memset(&zone_limit, 0, sizeof(zone_limit));
 
 	zone_limit.zone_id = OVS_ZONE_LIMIT_DEFAULT_ZONE;
 	zone_limit.limit = info->default_limit;
-- 
2.7.4