[patch 03/23] : H.323 helper: fix possible NULL-ptr dereference

[Greg KH]

-stable review patch.  If anyone has any objections, please let us know.

------------------
From: Patrick McHardy <kaber@xxxxxxxxx>

[NETFILTER]: H.323 helper: fix possible NULL-ptr dereference

An RCF message containing a timeout results in a NULL-ptr dereference if
no RRQ has been seen before.

Noticed by the "SATURN tool", reported by Thomas Dillig <tdillig@xxxxxxxxxxxx>
and Isil Dillig <isil@xxxxxxxxxxxx>.

Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
 net/ipv4/netfilter/ip_conntrack_helper_h323.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- linux-2.6.17.7.orig/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ linux-2.6.17.7/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -1092,7 +1092,7 @@ static struct ip_conntrack_expect *find_
 	tuple.dst.protonum = IPPROTO_TCP;
 
 	exp = __ip_conntrack_expect_find(&tuple);
-	if (exp->master == ct)
+	if (exp && exp->master == ct)
 		return exp;
 	return NULL;
 }

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/