bugzilla-daemon at netfilter.org
2013-Jul-20 21:44 UTC
[Bug 834] New: nft crash when invalid meta proto is used
https://bugzilla.netfilter.org/show_bug.cgi?id=834
Summary: nft crash when invalid meta proto is used
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: eric at regit.org
Estimated Hours: 0.0
The following operation causes a crash:
nft add rule ip6 filter input position 4 meta protocol icmpv6 accept
1035 switch ((*expr)->ops->type) {
(gdb) bt
#0 0x0000000000409225 in expr_evaluate (ctx=ctx at entry=0x7fffffffd8c0,
expr=expr at entry=0x639638) at src/evaluate.c:1035
#1 0x00000000004093ee in expr_evaluate_symbol (expr=0x639638,
ctx=0x7fffffffd8c0) at src/evaluate.c:216
#2 expr_evaluate (ctx=ctx at entry=0x7fffffffd8c0, expr=expr at entry=0x639638)
at
src/evaluate.c:1037
#3 0x0000000000409b8f in expr_evaluate_relational (expr=0x6396a8,
ctx=0x7fffffffd8c0) at src/evaluate.c:854
#4 expr_evaluate (ctx=ctx at entry=0x7fffffffd8c0, expr=expr at entry=0x6396a8)
at
src/evaluate.c:1068
#5 0x000000000040a962 in stmt_evaluate_expr (stmt=0x639660,
ctx=0x7fffffffd8c0) at src/evaluate.c:1077
#6 stmt_evaluate (ctx=ctx at entry=0x7fffffffe120, stmt=stmt at entry=0x639250)
at
src/evaluate.c:1160
#7 0x000000000040aef8 in rule_evaluate (ctx=0x7fffffffe120, rule=0x6397d0) at
src/evaluate.c:1235
#8 0x000000000040b1c5 in cmd_evaluate_add (cmd=0x639860, ctx=0x7fffffffd8c0)
at src/evaluate.c:1292
#9 cmd_evaluate (cmd=0x639860, ctx=0x7fffffffd8c0) at src/evaluate.c:1335
#10 evaluate (ctx=ctx at entry=0x7fffffffd8c0,
commands=commands at entry=0x7fffffffdff0) at src/evaluate.c:1352
#11 0x0000000000404eed in nft_run (scanner=scanner at entry=0x6392a0,
state=state at entry=0x7fffffffda20, msgs=msgs at entry=0x7fffffffda10) at
src/main.c:162
#12 0x0000000000404ba3 in main (argc=12, argv=<optimized out>) at
src/main.c:288
The issue is linked with icmpv6 being used. WHen runn with debug=all option:
<cmdline>:1:52-57: Evaluate
add rule ip6 filter input position 4 meta protocol icmpv6 accept
^^^^^^
$icmpv6
BUG: invalid input descriptor type 538976288
nft: src/erec.c:100: erec_print: Assertion `0' failed.
Abandon
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Jul-24 13:25 UTC
[Bug 834] nft crash when invalid meta proto is used
https://bugzilla.netfilter.org/show_bug.cgi?id=834
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-07-24
15:25:49 CEST ---
Fixed by:
http://git.netfilter.org/nftables/commit/?id=a320531e78f1bcb12b24da048f34592771392a9a
Thanks for reporting!
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Possibly Parallel Threads
- [Bug 1079] New: nft-0.6: segfault on add rule ip filter INPUT ip protocol igmp counter accept
- [Bug 947] New: meta protocol doesn't work with sets
- [Bug 915] New: segfault in error case : expr_evaluate_payload not checking payload->payload.desc being null
- [Bug 1148] New: Getting a segmentation fault for some reason
- Panic: file mail-storage.c: line 834 (mailbox_verify_name): assertion failed