From e664524e05ad555cfb0e7851a7cfeb573fcc27b5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 23 Jun 2009 17:38:18 +0200
Subject: NFCT: fix NULL dereference when hashtable is full

This patch fixes a NULL dereference to the timestamp structure when hashtable_add() fails, for example, because the hashtable is full.

Reported-by: Bernhard Schmidt
Signed-off-by: Pablo Neira Ayuso
---
 input/flow/ulogd_inpflow_NFCT.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'input/flow')
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index b8278af..b16687e 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -596,6 +596,9 @@ static int event_handler(enum nf_conntrack_msg_type type,
 switch(type) {
 case NFCT_T_NEW:
 ts = hashtable_add(cpi->ct_active, &tmp);
+ if (ts == NULL)
+ return NFCT_CB_CONTINUE;
+
 gettimeofday(&ts->time[START], NULL);
 return NFCT_CB_STOLEN;
 case NFCT_T_UPDATE:
@@ -604,6 +607,9 @@ static int event_handler(enum nf_conntrack_msg_type type,
 nfct_copy(ts->ct, ct, NFCT_CP_META);
 else {
 ts = hashtable_add(cpi->ct_active, &tmp);
+ if (ts == NULL)
+ return NFCT_CB_CONTINUE;
+
 gettimeofday(&ts->time[START], NULL);
 return NFCT_CB_STOLEN;
 }
@@ -734,6 +740,9 @@ static int overrun_handler(enum nf_conntrack_msg_type type,
 /* if it does not exist, add it */
 if (!hashtable_get(cpi->ct_active, &tmp)) {
 ts = hashtable_add(cpi->ct_active, &tmp);
+ if (ts == NULL)
+ return NFCT_CB_CONTINUE;
+
 gettimeofday(&ts->time[START], NULL); /* do our best here */
 return NFCT_CB_STOLEN;
 }
-- cgit v1.2.3
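Review bot: The three added `if (ts == NULL) return NFCT_CB_CONTINUE;` checks (the NFCT_T_NEW case, the NFCT_T_UPDATE else-branch and overrun_handler) drop the flow without leaving any trace, so a full ct_active table, which a burst or flood of connections can plausibly cause, silently leaves gaps in the flow log. I would record the drop before returning, with a rate-limited message or a counter, e.g. `ulogd_log(ULOGD_ERROR, "ct_active full, flow not tracked\n");`, bearing in mind that the overrun path may hit this once per dumped entry. A short comment such as `/* not stored: return CONTINUE so the library keeps ownership of ct */` would also explain why STOLEN is not returned here. That comment assumes hashtable_add() keeps no reference to the entry on failure, which is not visible in these hunks. Both handlers start and end outside the hunks shown.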