netfilter buglog - Jan 2012 - [Bug 766] New: Segmentation Fault using Hop Limit and ICMPV6-TYPE in same rule

http://bugzilla.netfilter.org/show_bug.cgi?id=766

           Summary: Segmentation Fault using Hop Limit and ICMPV6-TYPE in
                    same rule
           Product: iptables
           Version: unspecified
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: ip6tables
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: fukawi2+netfilter at gmail.com
   Estimated Hours: 0.0


Trying to create a rule using both "--icmpv6-type" and
"--hl-eq" results in a
Segmentation Fault:

# ip6tables -A tgt_ICMP6 -m hl ! --hl-eq 255 -p icmpv6 --icmpv6-type redirect
-j DROP
Segmentation fault

Replicated on both CentOS 6 (iptables-ipv6 1.4.7) and Debian 6 (iptables 1.4.8)
(Both x86_64)

Removing either argument lets the remaining criteria work:
# ip6tables -A tgt_ICMP6 -p icmpv6 --icmpv6-type redirect -j DROP
# ip6tables -A tgt_ICMP6 -m hl --hl-eq 255 -p icmpv6  -j DROP
#

Not sure what other information is relevant; Just let me know and I'll be
happy
to provide :)


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

http://bugzilla.netfilter.org/show_bug.cgi?id=766

--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-03-02
21:18:30 CET ---
I cannot reproduce the problem with current iptables git snapshop (mostly
1.4.17).

Are you still using iptables 1.4.7 and 1.4.8 to test this?

If not, can you run ip6tables under valgrind?

Thanks.

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.