From a6ec82b4fb95ba9321e244a5251cf67b794c6ae0 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 20 Dec 2022 15:29:57 +0100
Subject: conntrack: Sanitize free_tmpl_objects()

The function unconditionally dereferenced its parameter, yet it is
possible for the passed 'cur_tmpl' pointer when called from exit_error()
to be still NULL: It is assigned to by alloc_tmpl_objects() at start of
do_parse(), though callers of that function might call exit_error() in
beforehand.

Fixes: 258b4540f4512 ("conntrack: add struct ct_tmpl")
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/conntrack.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/conntrack.c b/src/conntrack.c
index 2bd71e1..23eaf27 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -139,6 +139,8 @@ static int alloc_tmpl_objects(struct ct_tmpl *tmpl)
 
 static void free_tmpl_objects(struct ct_tmpl *tmpl)
 {
+	if (!tmpl)
+		return;
 	if (tmpl->ct)
 		nfct_destroy(tmpl->ct);
 	if (tmpl->exptuple)
-- 
cgit v1.2.3