git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 18 Jun 2012 15:29:53 +0000 (17:29 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 18 Jun 2012 22:18:38 +0000 (00:18 +0200)
commit	fb950a64f95909e6d61ce4cabd16ccb85a5d8e1c
tree	b490519b58ad9139980d42a29bbfa2f2e025f359	tree \| snapshot
parent	ab104394ae51777d16d88dd86c3b3072ec45f083	commit \| diff

netfilter: ctnetlink: fix NULL dereference while trying to change helper

The patch 4daa009e264e: "netfilter: nf_ct_helper: implement variable
length helper private data" from Jun 7, 2012, leads to the following
Smatch complaint:

net/netfilter/nf_conntrack_netlink.c:1231 ctnetlink_change_helper()
         error: we previously assumed 'help->helper' could be null (see line 1228)

This NULL dereference can be triggered with the following sequence:

1) attach the helper for first time when the conntrack is created.
2) remove the helper module or detach the helper from the conntrack
   via ctnetlink.
3) attach helper again (the same or different one, no matter) to the
   that existing conntrack again via ctnetlink.

This patch fixes the problem by removing the use case that allows you
to re-assign again a helper for one conntrack entry via ctnetlink since
I cannot find any practical use for it.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>