linux.git - Linux kernel source tree

diff options

author	Xiang Mei <xmei5@asu.edu>	2026-04-01 14:20:57 -0700
committer	Florian Westphal <fw@strlen.de>	2026-04-08 13:33:36 +0200
commit	1f3083aec8836213da441270cdb1ab612dd82cf4 (patch)
tree	90eeb2f6f409e0b4adb9b0a219f581529a42ad6d /tools/perf/scripts/python/stackcollapse.py
parent	9a91797e61d286805ae10a92cc48959c30800556 (diff)

netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator

When batching multiple NFLOG messages (inst->qlen > 1), __nfulnl_send() appends an NLMSG_DONE terminator with sizeof(struct nfgenmsg) payload via nlmsg_put(), but never initializes the nfgenmsg bytes. The nlmsg_put() helper only zeroes alignment padding after the payload, not the payload itself, so four bytes of stale kernel heap data are leaked to userspace in the NLMSG_DONE message body. Use nfnl_msg_put() to build the NLMSG_DONE terminator, which initializes the nfgenmsg payload via nfnl_fill_hdr(), consistent with how __build_packet_message() already constructs NFULNL_MSG_PACKET headers. Fixes: 29c5d4afba51 ("[NETFILTER]: nfnetlink_log: fix sending of multipart messages") Reported-by: Weiming Shi <bestswngs@gmail.com> Signed-off-by: Xiang Mei <xmei5@asu.edu> Signed-off-by: Florian Westphal <fw@strlen.de>

Diffstat (limited to 'tools/perf/scripts/python/stackcollapse.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: