From 3503738f77cdbe521da1054a37f59ac2e442b4cf Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 6 Jun 2016 21:52:28 +0200
Subject: payload: don't update protocol context if we can't find a description

Since commit
20b1131c07acd2fc ("payload: fix stacked headers protocol context tracking")
we deref null pointer if we can't find a description for the desired
protocol, so "ip protocol 254" crashes while testing protocols 6 or 17
(tcp, udp) works.

Also add a test case for this.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1072
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/payload.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/payload.c b/src/payload.c
index ac0e917a..9ba980a5 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -85,6 +85,9 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
 	base = ctx->protocol[left->payload.base].desc;
 	desc = proto_find_upper(base, proto);
 
+	if (!desc)
+		return;
+
 	assert(desc->base <= PROTO_BASE_MAX);
 	if (desc->base == base->base) {
 		assert(base->length > 0);
-- 
cgit v1.2.3