netfilter: nfnetlink: check callbacks before using those in nfnetlink_rcv_msg
authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Thu, 28 Jun 2012 02:57:47 +0000 (02:57 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Jul 2012 17:47:53 +0000 (19:47 +0200)
nfnetlink_rcv_msg() might call a NULL callback, which would cause a NULL
pointer dereference.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nfnetlink.c

index 3e797d1fcb94272ad96b9798e91a6e6467031379..4acdd76bb6c4db0e2379b3970e190a9e02d8eca6 100644 (file)
@@ -184,9 +184,11 @@ replay:
                                        lockdep_is_held(&nfnl_mutex)) != ss ||
                            nfnetlink_find_client(type, ss) != nc)
                                err = -EAGAIN;
-                       else
+                       else if (nc->call)
                                err = nc->call(net->nfnl, skb, nlh,
                                                   (const struct nlattr **)cda);
+                       else
+                               err = -EINVAL;
                        nfnl_unlock();
                }
                if (err == -EAGAIN)
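Review bot: The new final `else` returns `-EINVAL` with no comment saying why `nc->call` can be NULL, so a reader cannot tell whether the check covers an expected empty slot in a callback table or hides a registration mistake; a one-line comment above `err = -EINVAL;` such as `/* no handler set for this message type */` would settle that. Since this dispatch is presumably reached from a netlink message supplied by the sender, the comment should also say that the check is what keeps an unhandled type from becoming a kernel NULL pointer dereference. `-EINVAL` makes the case indistinguishable from a malformed request; `-EOPNOTSUPP` may describe it better, provided no caller depends on the current value. The enclosing function starts and ends outside the hunk, so any other place that dispatches through the same callback structure is not visible here and should be checked for the same guard.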