conntrackd: fix crash if ExpectationSync is enabled on old Linux kernels

ExpectationSync requires Linux kernel >= 3.5 to work sanely, document this. Still, we don't want to crash if someone enables expectation sync with old Linux kernels (like 2.6.32). Reported-by: James Gutholm <gutholmj@evergreen.edu> Tested-by: James Gutholm <gutholmj@evergreen.edu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2012-10-03 22:19:25 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-10-04 10:42:43 +0200
commit: 3f845636159298fb18b6d6c455066d0344a61bee (patch)
tree: d440bd11cafbfd7249aaffe5388d7eabcbc44966 /src/filter.c
parent: a95338a1715b025bf1b39136ba10de5907c1080b (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/src/filter.c b/src/filter.c
index 39dd4ca..02a8078 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -473,7 +473,17 @@ int exp_filter_find(struct exp_filter *f, const struct nf_expect *exp)
 		return 1;
 
 	list_for_each_entry(item, &f->list, head) {
-		const char *name = nfexp_get_attr(exp, ATTR_EXP_HELPER_NAME);
+		const char *name;
+
+		if (nfexp_attr_is_set(exp, ATTR_EXP_HELPER_NAME))
+			name = nfexp_get_attr(exp, ATTR_EXP_HELPER_NAME);
+		else {
+			/* No helper name, this is likely to be a kernel older
+			 * which does not include the helper name, just skip
+			 * this so we don't crash.
+			 */
+			return 0;
+		}
 
 		/* we allow partial matching to support things like sip-PORT. */
 		if (strncasecmp(item->helper_name, name,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2012-10-03 22:19:25 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-10-04 10:42:43 +0200
commit	3f845636159298fb18b6d6c455066d0344a61bee (patch)
tree	d440bd11cafbfd7249aaffe5388d7eabcbc44966 /src/filter.c
parent	a95338a1715b025bf1b39136ba10de5907c1080b (diff)