[patch 11/23] [PATCH] [NETFILTER] ctnetlink: check if protoinfo is present

From: Chris Wright
Date: Tue Nov 22 2005 - 16:09:42 EST

-stable review patch. If anyone has any objections, please let us know.

This fixes an oops triggered from userspace. If we don't pass information
about the private protocol info, the reference to attr will be NULL. This is
likely to happen in update messages.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Harald Welte <laforge@xxxxxxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 5 +++++
1 file changed, 5 insertions(+)

--- linux-
+++ linux-
@@ -362,6 +362,11 @@ static int nfattr_to_tcp(struct nfattr *
struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1];
struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];

+ /* updates could not contain anything about the private
+ * protocol info, in that case skip the parsing */
+ if (!attr)
+ return 0;
if (nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr) < 0)
goto nfattr_failure;
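
Review bot: the `if (!attr) return 0;` guard sits inside nfattr_to_tcp(), so it covers only this TCP parser. Since the description says the missing attribute is likely in update messages, it is worth confirming whether the caller, or any other per-protocol parser, can reach nfattr_parse_nested() with the same unchecked pointer, and doing the check once in the caller if so. Returning 0 here also makes an absent CTA_PROTOINFO_TCP indistinguishable from one that parsed successfully; the comment should say that this is intended. Style: "could not contain" reads as "were unable to contain", where "updates may not contain" is probably meant, and a blank line after `return 0;` would separate the guard from the nested parse.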
