[NETFILTER] nfnetlink: skip size check if size not specified (== 0)

[linux-2.6] / net / ipv4 / netfilter / ip_conntrack_proto_tcp.c

diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 6ea4b22ff28dfdb504bd37cc8f55f80e9b29db65..5b3f5220f2896cc965d809f1678847b1471e79f8 100644 (file)
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -362,6 +362,11 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
        struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1];
        struct nfattr *tb[CTA_PROTOINFO_TCP_MAX];
 
+       /* updates could not contain anything about the private
+        * protocol info, in that case skip the parsing */
+       if (!attr)
+               return 0;
+
         nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
 
        if (!tb[CTA_PROTOINFO_TCP_STATE-1])
@@ -809,6 +814,7 @@ static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] =
 {
        [TH_SYN]                        = 1,
        [TH_SYN|TH_ACK]                 = 1,
+       [TH_SYN|TH_PUSH]                = 1,
        [TH_SYN|TH_ACK|TH_PUSH]         = 1,
        [TH_RST]                        = 1,
        [TH_RST|TH_ACK]                 = 1,