[NETFILTER]: H.323 helper: fix possible NULL-ptr dereference An RCF message containing a timeout results in a NULL-ptr dereference if no RRQ has been seen before. Noticed by the "SATURN tool", reported by Thomas Dillig <tdillig@stanford.edu> and Isil Dillig <isil@stanford.edu>. Signed-off-by: Patrick McHardy <kaber@trash.net> --- commit 165c3b26ee609cecb6eff4b2c19dab8caaf2b8a2 tree 0a997ee463fc47d43d9bf1dcc5989d5dd4268cc3 parent 245b3c810f1d09ac27f326346cb58451556ecc0b author Patrick McHardy <kaber@trash.net> Tue, 25 Jul 2006 02:26:53 +0200 committer Patrick McHardy <kaber@trash.net> Tue, 25 Jul 2006 02:26:53 +0200 net/ipv4/netfilter/ip_conntrack_helper_h323.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c index 518f581..853a3d5 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c @@ -1092,7 +1092,7 @@ static struct ip_conntrack_expect *find_ tuple.dst.protonum = IPPROTO_TCP; exp = __ip_conntrack_expect_find(&tuple); - if (exp->master == ct) + if (exp && exp->master == ct) return exp; return NULL; }
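Review bot: at the `if (exp && exp->master == ct)` line in the `find_` helper, the added NULL test closes the dereference, but the function now returns NULL for two distinct cases: no expectation found by `__ip_conntrack_expect_find(&tuple)`, and an expectation whose master is a different conntrack. The RCF timeout path named in the commit message should be checked to confirm it tests the returned pointer before using it, since the guard only moves the NULL one level up. A short comment above the check noting that the lookup returns NULL when no RRQ has set up an expectation would record why the guard is there.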
Seems like it was decided that this is not a security issue.