netfilter: xt_recent: fix stack overread in compat code

Related-to: commit 325fb5b4d26038cba665dd0d8ee09555321061f0
The compat path suffers from a similar problem. It only uses a __be32
when all of the recent code uses, and expects, an nf_inet_addr
everywhere. As a result, addresses stored by xt_recents were
filled with whatever other stuff was on the stack following the be32.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
With a minor compile fix from Roman.

Reported-and-tested-by: Roman Hoog Antink <rha@open.ch>
Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 791e030ea9031358d8d19f6da099554fb090b304..eb0ceb8465270d355d44842b1b82e91e41b6830e 100644 (file)
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -474,7 +474,7 @@ static ssize_t recent_old_proc_write(struct file *file,
        struct recent_table *t = pde->data;
        struct recent_entry *e;
        char buf[sizeof("+255.255.255.255")], *c = buf;
-       __be32 addr;
+       union nf_inet_addr addr = {};
        int add;
 
        if (size > sizeof(buf))
@@ -506,14 +506,13 @@ static ssize_t recent_old_proc_write(struct file *file,
                add = 1;
                break;
        }
-       addr = in_aton(c);
+       addr.ip = in_aton(c);
 
        spin_lock_bh(&recent_lock);
-       e = recent_entry_lookup(t, (const void *)&addr, NFPROTO_IPV4, 0);
+       e = recent_entry_lookup(t, &addr, NFPROTO_IPV4, 0);
        if (e == NULL) {
                if (add)
-                       recent_entry_init(t, (const void *)&addr,
-                                         NFPROTO_IPV4, 0);
+                       recent_entry_init(t, &addr, NFPROTO_IPV4, 0);
        } else {
                if (add)
                        recent_entry_update(t, e);