[NETFILTER] ctnetlink: check if protoinfo is present

This fixes an oops triggered from userspace. If we don't pass information
about the private protocol info, the reference to attr will be NULL. This is
likely to happen in update messages.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 6ea4b22ff28dfdb504bd37cc8f55f80e9b29db65..468c6003b4c78c7715bdffd7cedffefc66bc0989 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -362,6 +362,11 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
        struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1];
        struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
 
+       /* updates could not contain anything about the private
+        * protocol info, in that case skip the parsing */
+       if (!attr)
+               return 0;
+
         nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
 
        if (!tb[CTA_PROTOINFO_TCP_STATE-1])