[ulogd2] NFCT: fix NULL dereference when hashtable is full

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Tue Jun 23 19:19:55 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=ulogd2.git;a=commit;h=e664524e05ad555cfb0e7851a7cfeb573fcc27b5
commit e664524e05ad555cfb0e7851a7cfeb573fcc27b5
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Tue Jun 23 17:38:18 2009 +0200
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Tue Jun 23 17:38:18 2009 +0200

    NFCT: fix NULL dereference when hashtable is full
    
    This patch fixes a NULL dereference to the timestamp structure when
    hashtable_add() fails, for example, because the hashtable is full.
    
    Reported-by: Bernhard Schmidt <berni at birkenwald.de>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  e664524e05ad555cfb0e7851a7cfeb573fcc27b5 (commit)
      from  072959dbc1778a8f85aac9d6ef842ce9222d1fea (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e664524e05ad555cfb0e7851a7cfeb573fcc27b5
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Tue Jun 23 17:38:18 2009 +0200

    NFCT: fix NULL dereference when hashtable is full
    
    This patch fixes a NULL dereference to the timestamp structure when
    hashtable_add() fails, for example, because the hashtable is full.
    
    Reported-by: Bernhard Schmidt <berni at birkenwald.de>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 input/flow/ulogd_inpflow_NFCT.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index b8278af..b16687e 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -596,6 +596,9 @@ static int event_handler(enum nf_conntrack_msg_type type,
 	switch(type) {
 	case NFCT_T_NEW:
 		ts = hashtable_add(cpi->ct_active, &tmp);
+		if (ts == NULL)
+			return NFCT_CB_CONTINUE;
+
 		gettimeofday(&ts->time[START], NULL);
 		return NFCT_CB_STOLEN;
 	case NFCT_T_UPDATE:
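Review bot: The new ts == NULL branch in the NFCT_T_NEW case returns without a log message or counter, so when the hashtable is full new flows drop out of accounting with nothing telling the operator. Consider emitting a rate-limited error just before "return NFCT_CB_CONTINUE;" so that a full table shows up in the logs.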
@@ -604,6 +607,9 @@ static int event_handler(enum nf_conntrack_msg_type type,
 			nfct_copy(ts->ct, ct, NFCT_CP_META);
 		else {
 			ts = hashtable_add(cpi->ct_active, &tmp);
+			if (ts == NULL)
+				return NFCT_CB_CONTINUE;
+
 			gettimeofday(&ts->time[START], NULL);
 			return NFCT_CB_STOLEN;
 		}
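Review bot: The else branch of NFCT_T_UPDATE now carries the same add / NULL check / gettimeofday sequence as the NFCT_T_NEW case above, so the check has to be kept in sync by hand in each copy. Consider moving hashtable_add() plus the START timestamp into one small helper that returns NULL on failure, so a future call site cannot omit the check.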
@@ -734,6 +740,9 @@ static int overrun_handler(enum nf_conntrack_msg_type type,
 	/* if it does not exist, add it */
 	if (!hashtable_get(cpi->ct_active, &tmp)) {
 		ts = hashtable_add(cpi->ct_active, &tmp);
+		if (ts == NULL)
+			return NFCT_CB_CONTINUE;
+
 		gettimeofday(&ts->time[START], NULL); /* do our best here */
 		return NFCT_CB_STOLEN;
 	}
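Review bot: In overrun_handler the failure path returns NFCT_CB_CONTINUE while the success path right after it returns NFCT_CB_STOLEN, and nothing explains why the two differ. A one-line comment on the new check, alongside the existing "do our best here" remark, saying that the entry was not stored and is therefore not kept by the handler would make the ownership difference explicit.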
