From 9a8d198e1416774cb3ec3270fc0694df64fdee44 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@netfilter.org>
Date: Mon, 14 Jun 2004 03:28:58 -0700
Subject: [PATCH] [NETFILTER]: Don't assign new helper after NAT when there are
 already expectations present.

Tracked down by Raivis Bucis <raivis@mt.lv>

This patch fixes an oops while listing /proc/net/ip_conntrack.

When a helper sets up expectations based on the first packet (tftp),
NAT can still change the packet and cause conntrack to look for a new helper
based on the new tuple. When no helper is found, expectant->helper will be
NULL, which leads to an oops in print_expect().

Only assign a new helper in ip_conntrack_alter_reply() if there are no
expectations.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@redhat.com>
---
 net/ipv4/netfilter/ip_conntrack_core.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 50a467898671..b79afaf452a9 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1127,10 +1127,8 @@ int ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
 	DUMP_TUPLE(newreply);
 
 	conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
-	if (!conntrack->master)
-		conntrack->helper = LIST_FIND(&helpers, helper_cmp,
-					      struct ip_conntrack_helper *,
-					      newreply);
+	if (!conntrack->master && list_empty(&conntrack->sibling_list))
+		conntrack->helper = ip_ct_find_helper(newreply);
 	WRITE_UNLOCK(&ip_conntrack_lock);
 
 	return 1;
-- 
2.39.5