[NETFILTER]: ctnetlink: check for status attribute existence on conntrack creation

Check that status flags are available in the netlink message received to create a new conntrack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2006-11-28 20:35:31 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-03 00:31:27 -0500
commit: bbb3357d14f6becd156469220992ef7ab0f10e69 (patch)
tree: f24b5b6491c76d3b384bc09307d6b841fbc0370c /net/ipv4
parent: 1b683b551209ca46ae59b29572018001db5af078 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 3d277aa869dd..d5d2efddba57 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -945,9 +945,11 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
        ct->status |= IPS_CONFIRMED;
-        err = ctnetlink_change_status(ct, cda);
+        if (cda[CTA_STATUS-1]) {
-        if (err < 0)
+                err = ctnetlink_change_status(ct, cda);
-                goto err;
+                if (err < 0)
+                        goto err;
+        }
        if (cda[CTA_PROTOINFO-1]) {
                err = ctnetlink_change_protoinfo(ct, cda);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2006-11-28 20:35:31 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-03 00:31:27 -0500
commit	bbb3357d14f6becd156469220992ef7ab0f10e69 (patch)
tree	f24b5b6491c76d3b384bc09307d6b841fbc0370c /net/ipv4
parent	1b683b551209ca46ae59b29572018001db5af078 (diff)