[NETFILTER]: nfnetlink_queue: fix possible NULL-ptr dereference

Fix NULL-ptr dereference when a config message for a non-existant
queue containing only an NFQA_CFG_PARAMS attribute is received.

Coverity #433

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index cac38b2e147aec5cf1aa10707753150585dc9d9f..2cf5fb8322c4942ab3fce8158cf1f4333ab037d2 100644 (file)
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -928,8 +928,12 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
 
        if (nfqa[NFQA_CFG_PARAMS-1]) {
                struct nfqnl_msg_config_params *params;
-               params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]);
 
+               if (!queue) {
+                       ret = -ENOENT;
+                       goto out_put;
+               }
+               params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]);
                nfqnl_set_mode(queue, params->copy_mode,
                                ntohl(params->copy_range));
        }