netfilter: ipset: For set:list types, replaced elements must be zeroed out
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 23 Sep 2013 19:28:06 +0000 (21:28 +0200)
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 30 Sep 2013 19:33:29 +0000 (21:33 +0200)
The new extensions require zero initialization for the new element
to be added into a slot from where another element was pushed away.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
net/netfilter/ipset/ip_set_list_set.c

index f9681dcf7476d0ffec025c544ac618a28a843e3f..e23f33c14435b3986f4f0ef22e3d75dc9de98e95 100644 (file)
@@ -184,6 +184,8 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d,
                        }
                        memmove(list_set_elem(set, map, i + 1), e,
                                set->dsize * (map->size - (i + 1)));
+                       /* Extensions must be initialized to zero */
+                       memset(e, 0, set->dsize);
                }
        }
 
@@ -192,7 +194,7 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d,
                ip_set_timeout_set(ext_timeout(e, set), ext->timeout);
        if (SET_WITH_COUNTER(set))
                ip_set_init_counter(ext_counter(e, set), ext);
-       if (SET_WITH_COMMENT(set) && ext->comment)
+       if (SET_WITH_COMMENT(set))
                ip_set_init_comment(ext_comment(e, set), ext);
        return 0;
 }