[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT

H.323 connection tracking code calls ip_ct_refresh_acct() when
processing RCFs and URQs but passes NULL as the skb.
When CONFIG_IP_NF_CT_ACCT is enabled, the connection tracking core tries
to derefence the skb, which results in an obvious panic.
A similar fix was applied on the SIP connection tracking code some time
ago.

Signed-off-by: Faidon Liambotis <paravoid@debian.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 2 insertions, 2 deletions

diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 7b7441202bfd..6cb9070cd0bc 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -1417,7 +1417,7 @@ static int process_rcf(struct sk_buff **pskb, struct ip_conntrack *ct,
                 DEBUGP
                     ("ip_ct_ras: set RAS connection timeout to %u seconds\n",
                      info->timeout);
-                ip_ct_refresh_acct(ct, ctinfo, NULL, info->timeout * HZ);
+                ip_ct_refresh(ct, *pskb, info->timeout * HZ);
 
                 /* Set expect timeout */
                 read_lock_bh(&ip_conntrack_lock);
@@ -1465,7 +1465,7 @@ static int process_urq(struct sk_buff **pskb, struct ip_conntrack *ct,
         info->sig_port[!dir] = 0;
 
         /* Give it 30 seconds for UCF or URJ */
-        ip_ct_refresh_acct(ct, ctinfo, NULL, 30 * HZ);
+        ip_ct_refresh(ct, *pskb, 30 * HZ);
 
         return 0;
 }