netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper
stable inclusion from stable-v5.10.184 commit 35c89cfcac05206c99d3654149b3416e5fcf4a71 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8IRR2 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=35c89cfcac05206c99d3654149b3416e5fcf4a71 -------------------------------- [ Upstream commit e1f543dc ] An nf_conntrack_helper from nf_conn_help may become NULL after DNAT. Observed when TCP port 1720 (Q931_PORT), associated with h323 conntrack helper, is DNAT'ed to another destination port (e.g. 1730), while nfqueue is being used for final acceptance (e.g. snort). This happenned after transition from kernel 4.14 to 5.10.161. Workarounds: * keep the same port (1720) in DNAT * disable nfqueue * disable/unload h323 NAT helper $ linux-5.10/scripts/decode_stacktrace.sh vmlinux < /tmp/kernel.log BUG: kernel NULL pointer dereference, address: 0000000000000084 [..] RIP: 0010:nf_conntrack_update (net/netfilter/nf_conntrack_core.c:2080 net/netfilter/nf_conntrack_core.c:2134) nf_conntrack [..] nfqnl_reinject (net/netfilter/nfnetlink_queue.c:237) nfnetlink_queue nfqnl_recv_verdict (net/netfilter/nfnetlink_queue.c:1230) nfnetlink_queue nfnetlink_rcv_msg (net/netfilter/nfnetlink.c:241) nfnetlink [..] Fixes: ee04805f ("netfilter: conntrack: make conntrack userspace helpers work again") Signed-off-by:Tijs Van Buggenhout <tijs.van.buggenhout@axsguard.com> Signed-off-by:
Loading
Please sign in to comment