diff options
| author | Chenyuan Yang <chenyuan0y@gmail.com> | 2025-03-13 14:54:41 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-04-10 14:44:12 +0200 |
| commit | ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759 (patch) | |
| tree | 24da26a9473435bc36e8398b70cf7f028a499a5e /net | |
| parent | 00fe0ac64efd1f5373b3dd9f1f84b19235371e39 (diff) | |
| download | linux-ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759.tar.gz linux-ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759.tar.bz2 linux-ddbf7e1d82a1d0c1d3425931a6cb1b83f8454759.zip | |
netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error
[ Upstream commit 778b09d91baafb13408470c721d034d6515cfa5a ]
It is possible that ctx in nfqnl_build_packet_message() could be used
before it is properly initialize, which is only initialized
by nfqnl_get_sk_secctx().
This patch corrects this problem by initializing the lsmctx to a safe
value when it is declared.
This is similar to the commit 35fcac7a7c25
("audit: Initialize lsmctx to avoid memory allocation error").
Fixes: 2d470c778120 ("lsm: replace context+len with lsm_context")
Signed-off-by: Chenyuan Yang <chenyuan0y@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nfnetlink_queue.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 5c913987901a..8b7b39d8a109 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -567,7 +567,7 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, enum ip_conntrack_info ctinfo = 0; const struct nfnl_ct_hook *nfnl_ct; bool csum_verify; - struct lsm_context ctx; + struct lsm_context ctx = { NULL, 0, 0 }; int seclen = 0; ktime_t tstamp; |