bugzilla-daemon at bugzilla.netfilter.org
2012-Mar-01 02:33 UTC
[Bug 774] New: iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Summary: iptables-restore can't parses the quoted parameter correctly. Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: iptables-restore AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: fryasu at yahoo.co.jp Estimated Hours: 0.0 Created attachment 378 --> http://bugzilla.netfilter.org/attachment.cgi?id=378 The simple patch to correct the parsing of quoted parameter. iptables-restore can't parse the parameter which is bundled with double-quotation character(""). for instance, the following text data was registered by "iptables-restore -n" command. *filter -A OUTPUT -m string --string "FOOO" --algo bm -j ACCEPT COMMIT Then, the contents of registration are checked by "iptables-save" command, $ iptables-save |grep string -A OUTPUT -m string --string "--st" --algo bm --to 65535 -j ACCEPT the parameter "FOO" is corrupted obviously to the one parameter before, This seems the simple bug. I tried to make the simple patch. If this patch become to help to you even a little, I'm happy. regards, -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Mar-01 10:44 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 fryasu at yahoo.co.jp changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fryasu at yahoo.co.jp Platform|All |i386 OS/Version|All |Fedora --- Comment #1 from fryasu at yahoo.co.jp 2012-03-01 11:44:02 CET --- My environment is gcc 4.7.0 and Fedora 17(rawhide). Parhaps this bug depends on compiler version... -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 20:38 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Peter Wu <lekensteyn at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tothandor at gmail.com --- Comment #2 from Peter Wu <lekensteyn at gmail.com> 2012-06-25 22:38:36 CEST --- *** Bug 790 has been marked as a duplicate of this bug. *** -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 20:41 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Peter Wu <lekensteyn at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lekensteyn at gmail.com --- Comment #3 from Peter Wu <lekensteyn at gmail.com> 2012-06-25 22:41:53 CEST --- I can confirm this issue on gcc 4.7.1 on Arch Linux. Other bug reports include https://bugzilla.redhat.com/show_bug.cgi?id=827919. With optimization flags -O1 or higher, this bug kicks in. It is a tricky one that the compiler does not catch. No wonder, it is undefined behavior. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-25 20:57 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Peter Wu <lekensteyn at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hvtaifwkbgefbaei at gmail.com --- Comment #4 from Peter Wu <lekensteyn at gmail.com> 2012-06-25 22:57:37 CEST --- *** Bug 782 has been marked as a duplicate of this bug. *** -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jun-26 06:42 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Eugene Markow <ejmarkow at yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ejmarkow at yahoo.com --- Comment #5 from Eugene Markow <ejmarkow at yahoo.com> 2012-06-26 08:42:19 CEST --- (In reply to comment #4)> *** Bug 782 has been marked as a duplicate of this bug. ***As noted in my comment in the duplicate Bug Report #782, I can also confirm this issue with GCC 4.7.1 on Arch Linux x86-64. All of my system specs are shown in that post. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-09 11:31 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 samlt <sam-nf at sltosis.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sam-nf at sltosis.org -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-20 21:58 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 jamie at strandboge.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jamie at strandboge.com --- Comment #6 from jamie at strandboge.com 2012-07-20 23:58:14 CEST --- I can also confirm this on Ubuntu 12.10 (https://launchpad.net/bugs/1027252), amd64 with gcc-4.7. Using the submitted patch resolves the issue. This patch is also now included in Fedora 17 (from https://bugzilla.redhat.com/show_bug.cgi?id=825796, see https://admin.fedoraproject.org/updates/FEDORA-2012-10826/iptables-1.4.14-2.fc17). -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-22 18:09 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 pl.bugs2 at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pl.bugs2 at gmail.com --- Comment #7 from pl.bugs2 at gmail.com 2012-07-22 20:09:16 CEST --- (In reply to comment #0)> Created attachment 378 [details] > The simple patch to correct the parsing of quoted parameter. > > iptables-restore can't parse the parameter which is > bundled with double-quotation character(""). > > for instance, the following text data was registered > by "iptables-restore -n" command. > > *filter > -A OUTPUT -m string --string "FOOO" --algo bm -j ACCEPT > COMMIT > > Then, the contents of registration are checked by > "iptables-save" command, > > $ iptables-save |grep string > -A OUTPUT -m string --string "--st" --algo bm --to 65535 -j ACCEPT > > the parameter "FOO" is corrupted obviously to the one > parameter before, > > This seems the simple bug. I tried to make the simple > patch. If this patch become to help to you even a little, > I'm happy. > > regards,Hello, Thank you for attaching your patch. It solves the problem for me on Debian. Cheers. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 11:24 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pablo at netfilter.org --- Comment #8 from Pablo Neira Ayuso <pablo at netfilter.org> 2012-07-23 13:24:31 CEST --- (In reply to comment #7)> (In reply to comment #0) > > Created attachment 378 [details] [details] > > The simple patch to correct the parsing of quoted parameter. > > > > iptables-restore can't parse the parameter which is > > bundled with double-quotation character(""). > > > > for instance, the following text data was registered > > by "iptables-restore -n" command. > > > > *filter > > -A OUTPUT -m string --string "FOOO" --algo bm -j ACCEPT > > COMMIT > > > > Then, the contents of registration are checked by > > "iptables-save" command, > > > > $ iptables-save |grep string > > -A OUTPUT -m string --string "--st" --algo bm --to 65535 -j ACCEPT > > > > the parameter "FOO" is corrupted obviously to the one > > parameter before, > > > > This seems the simple bug. I tried to make the simple > > patch. If this patch become to help to you even a little, > > I'm happy. > > > > regards, > > Hello, > > Thank you for attaching your patch. It solves the problem for me on Debian. > > Cheers.I'm proposing this patch instead: marc.info/?l=netfilter-devel&m=134304022429189&w=2 If nobody complains, I'll merge it to mainstream. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 11:36 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 --- Comment #9 from Peter Wu <lekensteyn at gmail.com> 2012-07-23 13:36:46 CEST --- If all it does it moving the param parsing to a function and thereby also moving the declaration of param_buffer (as the commit msg and patch suggest), then I am fine with that. I don't think you need to ping gcc people for this, the previous behaviour was undefined. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 13:00 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 --- Comment #10 from Pablo Neira Ayuso <pablo at netfilter.org> 2012-07-23 15:00:15 CEST --- (In reply to comment #9)> If all it does it moving the param parsing to a function and thereby also > moving the declaration of param_buffer (as the commit msg and patch suggest), > then I am fine with that. > > I don't think you need to ping gcc people for this, the previous behaviour was > undefined.Then, I'm missing anything. I don't see any dereference to param_buffer out of the loop and add_argv.(In reply to comment #9)> If all it does it moving the param parsing to a function and thereby also > moving the declaration of param_buffer (as the commit msg and patch suggest), > then I am fine with that. > > I don't think you need to ping gcc people for this, the previous behaviour was > undefined.Then, I'm really missing anything, because I still don't see why that param_buffer needs to be declared out of the loop. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 16:10 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 --- Comment #11 from Peter Wu <lekensteyn at gmail.com> 2012-07-23 18:10:38 CEST --- The core of this bug is essentially the same as the below code snippet: --- BEGIN CODE --- #include <stdio.h> int main() { int i, j = 0; for (i = 0; i < 5; i++) { char x[10]; if (i == 4) { x[i] = 0; printf("%s\n", x); break; } x[j++] = '0' + i; } return 0; } --- END CODE --- You may expect "0123\n" to be printed, but if variable x is gone after the for compound statement in the for-loop terminates, it is not guaranteed that x equals the x identifier from the previous iteration. I though that this was the "correct behaviour". But then I looked in the C standard document. The ISO/IEC 9899:1999 document[1] states:> An iteration statement is a block whose scope is a strict subset of > the scope of its scope of enclosing block. The loop body is also a > block whose scope is a strict subset of the scope of the iteration > statement.So "x" from the above code belongs to the scope of the whole for-loop expression (for(A;B;C)D), and not just D if I have read the standard correctly? In that case GCC does indeed have a bug and my previous assumption was wrong. Does anyone already have pinged GCC? [1]: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.netfilter.org
2012-Jul-23 16:23 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 --- Comment #12 from Peter Wu <lekensteyn at gmail.com> 2012-07-23 18:23:53 CEST --- Giving it another thought, redeclarations in the same scope is forbidden. So I either have skipped something in the standard or there is an undefined case. -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.netfilter.org
2012-Aug-20 15:26 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Peter Wu <lekensteyn at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #13 from Peter Wu <lekensteyn at gmail.com> 2012-08-20 17:26:46 CEST --- Fixed in netfilter 1.4.15 http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=2165f38d2582e88e8a9dd9416f34eca7a7672e5a -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.netfilter.org
2012-Nov-17 13:01 UTC
[Bug 774] iptables-restore can't parses the quoted parameter correctly.
http://bugzilla.netfilter.org/show_bug.cgi?id=774 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |spamme at ecybernard.com --- Comment #14 from Pablo Neira Ayuso <pablo at netfilter.org> 2012-11-17 14:01:38 CET --- *** Bug 799 has been marked as a duplicate of this bug. *** -- Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching all bug changes. You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 782] New: -j LOG --log-prefix handling broken
- [Bug 1400] New: "COMMIT expected at line ..." when iptables-restore 1.8.4 (nft) parses stdin with empty lines
- [Bug 884] New: the rule of TEE target with '--oif' option cannot be deleted.
- [Bug 1394] New: "Bad argument `ACCEPT'" when iptables-restore (nft) parses stdin
- Re: The values entered in the program are different from print p