netfilter buglog - Mar 2010 - [Bug 641] New: iptables-restore buffer overflow

http://bugzilla.netfilter.org/show_bug.cgi?id=641

           Summary: iptables-restore buffer overflow
           Product: iptables
           Version: unspecified
          Platform: All
               URL: https://bugzilla.redhat.com/show_bug.cgi?id=545600
        OS/Version: Fedora
            Status: NEW
          Severity: critical
          Priority: P1
         Component: iptables-restore
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: benny+netfilter at amorsen.dk


When using iptables-restore with a sufficiently long chain name, iptables
crashes and the kernel reports a buffer overflow.

Easily reproducible:

iptables-restore <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:abcdefghijklmnopqrstuvwxyz123 - [0:0]
-A FORWARD -i eth0.204 -o eth1.901 -j abcdefghijklmnopqrstuvwxyz123
EOF

Problem exists in iptables-1.4.5-1.fc12.i686, iptables-1.4.6-2.fc13.x86_64, and
iptables-1.4.7-1.fc14.x86_64, all from Fedora.

It was a bit of fun when our test firewall booted without rules...


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.netfilter.org/show_bug.cgi?id=641


jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|netfilter-                  |jengelh at medozas.de
                   |buglog at lists.netfilter.org  |




-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the assignee for the bug, or are watching the assignee.