Bug 62850 (CVE-2004-0986) - VUL-0: CVE-2004-0986: uninitialised variable in iptables
Summary: VUL-0: CVE-2004-0986: uninitialised variable in iptables
Status: RESOLVED FIXED
Duplicates: 62849
Alias: CVE-2004-0986
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All Linux
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Ludwig Nussel
QA Contact: Security Team bot
Whiteboard: CVE-2004-0986: CVSS v2 Base Score: 7....
 
Reported: 2004-11-02 20:55 UTC by Ludwig Nussel
Modified: 2021-11-09 14:47 UTC

Attachments
iptables.patch.box (568 bytes, text/plain)
2004-11-03 01:07 UTC, Ludwig Nussel
iptables.patch.maintained (564 bytes, text/plain)
2004-11-03 01:07 UTC, Ludwig Nussel

Description Ludwig Nussel 2004-11-02 20:55:07 UTC
We received the following report via vendor-sec.
The issue is public.

Date: Tue, 26 Oct 2004 16:32:18 +0200
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] CAN-2004-0986: iptables and ip6tables fail to load ipt* kernel modules

Hi,

due to an uninitialised variable iptables and ip6tables fail to
load the proper kernel modules, which may result in rules not
implemented.  The fix is easy and I'm attaching the official
upstream correction.  This problem is already public through
our bugtracking system and netfilter-dev.

Regards,

	Joey

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.

Index: iptables.c
===================================================================
--- iptables.c	(revision 3243)
+++ iptables.c	(working copy)
 	int procfile;
 	char *ret;
 
+#define PROCFILE_BUFSIZ	1024
 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
 	if (procfile < 0)
 		return NULL;
 
-	ret = malloc(1024);
+	ret = (char *) malloc(PROCFILE_BUFSIZ);
 	if (ret) {
-		switch (read(procfile, ret, 1024)) {
+		memset(ret, 0, PROCFILE_BUFSIZ);
+		switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
 		case -1: goto fail;
-		case 1024: goto fail; /* Partial read.  Wierd */
+		case PROCFILE_BUFSIZ: goto fail; /* Partial read.  Wierd */
 		}
 		if (ret[strlen(ret)-1]=='\n') 
 			ret[strlen(ret)-1]=0;
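Review bot: the unchanged lines after the switch still index ret[strlen(ret)-1], and with the buffer now zeroed a read() that returns 0 leaves strlen(ret) == 0, so the newline test reads one byte before the allocation. The switch only rejects -1 and PROCFILE_BUFSIZ, so the empty case falls through. Suggest keeping the return value, for example `n = read(procfile, ret, PROCFILE_BUFSIZ - 1);`, failing on n <= 0, setting ret[n] = 0, and stripping the newline only when n > 0. The `(char *)` cast on malloc is unnecessary in C and is not applied in the ip6tables.c change, so the two copies drift further apart.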
Index: ip6tables.c
===================================================================
--- ip6tables.c	(revision 3243)
+++ ip6tables.c	(working copy)
 	int procfile;
 	char *ret;
 
+#define PROCFILE_BUFSIZ 1024
 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
 	if (procfile < 0)
 		return NULL;
 
-	ret = malloc(1024);
+	ret = malloc(PROCFILE_BUFSIZ);
 	if (ret) {
-		switch (read(procfile, ret, 1024)) {
+		memset(ret, 0, PROCFILE_BUFSIZ);
+		switch (read(procfile, ret, PROCFILE_BUFSIZ)) {
 		case -1: goto fail;
-		case 1024: goto fail; /* Partial read.  Wierd */
+		case PROCFILE_BUFSIZ: goto fail; /* Partial read.  Wierd */
 		}
 		if (ret[strlen(ret)-1]=='\n') 
 			ret[strlen(ret)-1]=0;
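Review bot: the terminator that strlen(ret) relies on exists only because the memset is paired with the `case PROCFILE_BUFSIZ: goto fail;` rejection, and nothing in the hunk documents that dependency; the retained comment "Partial read" describes what is in fact a completely filled buffer. Suggest either reading at most PROCFILE_BUFSIZ - 1 bytes so termination does not depend on the switch, or adding a comment that a full buffer is refused because it would leave no NUL. The malloc followed by memset could be a single calloc, and the #define is placed inside the function body and repeated verbatim in iptables.c, so a shared header or helper would keep the two files in step.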
Comment 1 Marcus Meissner 2004-11-02 20:57:32 UTC
*** Bug 62849 has been marked as a duplicate of this bug. ***
Comment 2 Petr Ostadal 2004-11-03 00:03:15 UTC
I fixed and submitted packages for ul1, 8.2, 9.0, sles9, 9.2 and STABLE, you can create and submit patchinfo.
Comment 3 Ludwig Nussel 2004-11-03 01:07:04 UTC
Created attachment 25709
iptables.patch.box
Comment 4 Ludwig Nussel 2004-11-03 01:07:16 UTC
Created attachment 25710
iptables.patch.maintained
Comment 5 Marcus Meissner 2004-11-25 21:28:24 UTC
updates released. 
Comment 6 Thomas Biege 2009-10-13 19:57:34 UTC
CVE-2004-0986: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)