netfilter: nfnetlink: check callbacks before using those in nfnetlink_rcv_msg

nfnetlink_rcv_msg() might call a NULL callback which will cause NULL pointer
dereference.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 3e797d1fcb94272ad96b9798e91a6e6467031379..4acdd76bb6c4db0e2379b3970e190a9e02d8eca6 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -184,9 +184,11 @@ replay:
                                        lockdep_is_held(&nfnl_mutex)) != ss ||
                            nfnetlink_find_client(type, ss) != nc)
                                err = -EAGAIN;
-                       else
+                       else if (nc->call)
                                err = nc->call(net->nfnl, skb, nlh,
                                                   (const struct nlattr **)cda);
+                       else
+                               err = -EINVAL;
                        nfnl_unlock();
                }
                if (err == -EAGAIN)