diff options
| author |   Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2012-06-28 02:57:47 +0000 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2012-07-04 19:47:53 +0200 |
| commit | 59560a38a379b6c9048620ee10711d3c0c5974b3 (patch) | |
| tree | cc1a05e5f826b947274b3d34485b58a5b1023c2d | |
| parent | netfilter: nf_ct_tcp: missing per-net support for cttimeout (diff) | |
| download | linux-dev-59560a38a379b6c9048620ee10711d3c0c5974b3.tar.xz linux-dev-59560a38a379b6c9048620ee10711d3c0c5974b3.zip | |
netfilter: nfnetlink: check callbacks before using those in nfnetlink_rcv_msg
nfnetlink_rcv_msg() might call a NULL callback which will cause NULL pointer
dereference.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nfnetlink.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 3e797d1fcb94..4acdd76bb6c4 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -184,9 +184,11 @@ replay: lockdep_is_held(&nfnl_mutex)) != ss || nfnetlink_find_client(type, ss) != nc) err = -EAGAIN; - else + else if (nc->call) err = nc->call(net->nfnl, skb, nlh, (const struct nlattr **)cda); + else + err = -EINVAL; nfnl_unlock(); } if (err == -EAGAIN) |