[NETFILTER] ctnetlink: check if protoinfo is present This fixes an oops triggered from userspace. If we don't pass information about the private protocol info, the reference to attr will be NULL. This is likely to happen in update messages.
Signed-off-by: Pablo Neira Ayuso <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>
---
commit f88e433b32c43c9339e3a4ba24e7db7ed610a8ab
tree 2a83f2ee457bb51a20075eb08180539470f28d0b
parent b40f4d9f29829d5e96119b0747361d63d16e84b6
author Harald Welte <[EMAIL PROTECTED]> Sat, 05 Nov 2005 11:33:09 +0100
committer Harald Welte <[EMAIL PROTECTED]> Sat, 05 Nov 2005 11:33:09 +0100
net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -362,6 +362,11 @@ static int nfattr_to_tcp(struct nfattr *
struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1];
struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
+ /* updates could not contain anything about the private
+ * protocol info, in that case skip the parsing */
+ if (!attr)
+ return 0;
+
nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
if (!tb[CTA_PROTOINFO_TCP_STATE-1])
--
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgpB2Gu4mBurO.pgp
Description: PGP signature
