[NETFILTER]: Don't assign new helper after NAT when there are already expectations present.

Tracked down by Raivis Bucis <raivis@mt.lv>

This patch fixes an oops while listing /proc/net/ip_conntrack.

When a helper sets up expectations based on the first packet (tftp),
NAT can still change the packet and cause conntrack to look for a new helper
based on the new tuple. When no helper is found, expectant->helper will be
NULL, which leads to an oops in print_expect().
 
Only assign a new helper in ip_conntrack_alter_reply() if there are no
expectations.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@redhat.com>

net/ipv4/netfilter/ip_conntrack_core.c

@@ -1127,10 +1127,8 @@ int ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
 	DUMP_TUPLE(newreply);
 
 	conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
-	if (!conntrack->master)
-		conntrack->helper = LIST_FIND(&helpers, helper_cmp,
-					      struct ip_conntrack_helper *,
-					      newreply);
+	if (!conntrack->master && list_empty(&conntrack->sibling_list))
+		conntrack->helper = ip_ct_find_helper(newreply);
 	WRITE_UNLOCK(&ip_conntrack_lock);
 
 	return 1;