netfilter: ipset: For set:list types, replaced elements must be zeroed out

The new extensions require zero initialization for the new element to be added into a slot from where another element was pushed away. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-09-23 21:28:06 +0200
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-09-30 21:33:29 +0200
commit: 8ec81f9a4db94fa5638c55793365b896dd9daecc (patch)
tree: 2d3a6168621399ca3b720cd3e22541a3f5a38f65 /net/netfilter/ipset
parent: 80571a9ea4ca9b6fee7ef0c13d3f31e774e0533b (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
index f9681dcf747..e23f33c1443 100644
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -184,6 +184,8 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d,
 			}
 			memmove(list_set_elem(set, map, i + 1), e,
 				set->dsize * (map->size - (i + 1)));
+			/* Extensions must be initialized to zero */
+			memset(e, 0, set->dsize);
 		}
 	}
 
@@ -192,7 +194,7 @@ list_set_add(struct ip_set *set, u32 i, struct set_adt_elem *d,
 		ip_set_timeout_set(ext_timeout(e, set), ext->timeout);
 	if (SET_WITH_COUNTER(set))
 		ip_set_init_counter(ext_counter(e, set), ext);
-	if (SET_WITH_COMMENT(set) && ext->comment)
+	if (SET_WITH_COMMENT(set))
 		ip_set_init_comment(ext_comment(e, set), ext);
 	return 0;
 }
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-09-23 21:28:06 +0200
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-09-30 21:33:29 +0200
commit	8ec81f9a4db94fa5638c55793365b896dd9daecc (patch)
tree	2d3a6168621399ca3b720cd3e22541a3f5a38f65 /net/netfilter/ipset
parent	80571a9ea4ca9b6fee7ef0c13d3f31e774e0533b (diff)