From 972e6b3c19f3c79b59804308efac447bd2d016ec Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sun, 23 Nov 2008 15:31:29 +0100
Subject: helper: fix missing copy function for helper name
This patch fixes a NULL dereference to a function pointer in nfct_copy() that is triggered when you try to copy the helper name. This patch also adds an assertion to easily report similar problems in the future. Thanks to for his detailed debugging report.
Reported-by: Wolfram Schlich
Signed-off-by: Pablo Neira Ayuso
---
src/conntrack/api.c | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'src/conntrack/api.c')
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index a5ddbc2..6dae83f 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -892,6 +892,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags == NFCT_CP_ALL) {
 for (i=0; iset)) {
+ assert(copy_attr_array[i]);
 copy_attr_array[i](ct1, ct2);
 set_bit(i, ct1->set);
 }
@@ -917,6 +918,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags & NFCT_CP_ORIG) {
 for (i=0; i<__CP_ORIG_MAX; i++) {
 if (test_bit(cp_orig_mask[i], ct2->set)) {
+ assert(copy_attr_array[i]);
 copy_attr_array[cp_orig_mask[i]](ct1, ct2);
 set_bit(cp_orig_mask[i], ct1->set);
 }
@@ -938,6 +940,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags & NFCT_CP_REPL) {
 for (i=0; i<__CP_REPL_MAX; i++) {
 if (test_bit(cp_repl_mask[i], ct2->set)) {
+ assert(copy_attr_array[i]);
 copy_attr_array[cp_repl_mask[i]](ct1, ct2);
 set_bit(cp_repl_mask[i], ct1->set);
 }
@@ -947,6 +950,7 @@ void nfct_copy(struct nf_conntrack *ct1,
 if (flags & NFCT_CP_META) {
 for (i=ATTR_TCP_STATE; iset)) {
+ assert(copy_attr_array[i]),
 copy_attr_array[i](ct1, ct2);
 set_bit(i, ct1->set);
 }
@@ -967,6 +971,7 @@ void nfct_copy_attr(struct nf_conntrack *ct1,
 const enum nf_conntrack_attr type)
 {
 if (test_bit(type, ct2->set)) {
+ assert(copy_attr_array[type]);
 copy_attr_array[type](ct1, ct2);
 set_bit(type, ct1->set);
 }
-- cgit v1.2.3
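Review bot: The `assert(copy_attr_array[i]);` added in the NFCT_CP_ALL loop is a debug aid, not a guard. When the library is built with NDEBUG it expands to nothing, so a missing table entry is still called through a NULL function pointer; in a debug build it aborts the process of whatever application links the library. The same holds for the asserts added in the other four hunks. Consider keeping the assert and adding a runtime check that skips both the call and the `set_bit()`, for example `if (copy_attr_array[i] == NULL) continue;`, or a build-time test that every attribute has a copy handler. nfct_copy's body starts and ends outside this hunk.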
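Review bot: The assert in the NFCT_CP_ORIG loop checks `copy_attr_array[i]`, but the call on the next line goes through `copy_attr_array[cp_orig_mask[i]]`, so the pointer that is actually invoked is never checked and an unrelated slot is. It should read `assert(copy_attr_array[cp_orig_mask[i]]);`. The NFCT_CP_REPL hunk has the same mismatch and needs `assert(copy_attr_array[cp_repl_mask[i]]);`. As written, these two asserts can fire on a valid copy or stay silent on the NULL entry they were meant to catch. nfct_copy's body extends outside both hunks.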
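Review bot: The line added in the NFCT_CP_META loop ends with a comma, `assert(copy_attr_array[i]),`, which fuses the assert and the following call into a single comma expression. It compiles and behaves the same with or without NDEBUG, but it is a typo that misleads readers and can hide the call from line-based tooling. End it with a semicolon like the other four asserts: `assert(copy_attr_array[i]);`. nfct_copy starts and ends outside the hunk.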
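Review bot: In nfct_copy_attr the new assert reads `copy_attr_array[type]` with a caller-supplied `type`, and no range check is visible between the opening brace and `test_bit(type, ct2->set)`. An out-of-range value would index past the table (and the attribute bitmask) before the assert can report anything meaningful. Assuming the table is sized by ATTR_MAX, a guard such as `if (type >= ATTR_MAX) return;` ahead of the `test_bit()` call would bound the lookup on this public entry point. The function's closing brace is outside the hunk.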