Skip to content

Commit

Permalink
netfilter: nft_ct: fix null pointer in ct expectations support
Browse files Browse the repository at this point in the history 
nf_ct_helper_ext_add may return null, which must then be checked.

Fixes: 857b460 ("netfilter: nft_ct: add ct expectations support")
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Stéphane Veyret authored and Pablo Neira Ayuso committed Jun 19, 2019
1 parent 72c5e11 commit 2f0513d
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/netfilter/nft_ct.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1232,6 +1232,10 @@ static void nft_ct_expect_obj_eval(struct nft_object *obj,
help = nfct_help(ct);
if (!help)
help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
if (!help) {
regs->verdict.code = NF_DROP;
return;
}

if (help->expecting[NF_CT_EXPECT_CLASS_DEFAULT] >= priv->size) {
regs->verdict.code = NFT_BREAK;
Expand Down

0 comments on commit 2f0513d

Please sign in to comment.