netfilter buglog - May 2017 - [Bug 1150] New: Iptables fails to match rules with malloc perturberation activated

https://bugzilla.netfilter.org/show_bug.cgi?id=1150

            Bug ID: 1150
           Summary: Iptables fails to match rules with malloc
                    perturberation activated
           Product: iptables
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: goeran at uddeborg.se

On my Fedora system, I've upgraded to Fedora 26 versions of iptables and, in
case it matters, glibc.

  iptables-1.6.1-2.fc26.x86_64
  glibc-2.25-4.fc26.x86_64

I also have the debugmode package installed, which sets the environment
variable MALLOC_PERTURB_ to a random value.  The variable is meant to
"detecting  errors  where  programs  incorrectly rely on allocated memory
being
initialized to zero, or reuse values in memory that has already been
freed."
It appears iptables in some cases do this.

I haven't figured out exactly what conditions trigger the bug, but here is
one
way to reliably reproduce the behaviour:

  iptables -t nat -N testchain
  iptables -t nat -A testchain  -j SNAT --to-source 1.2.3.4
  MALLOC_PERTURB_=42 iptables -t nat -D testchain  -j SNAT --to-source 1.2.3.4

The last command gives the error message 

  iptables: No chain/target/match by that name.

The rule I try to remove is still present.  If I disable malloc perturberation
by setting the variable to 0, the command succeeds

  MALLOC_PERTURB_=0 iptables -t nat -D testchain  -j SNAT --to-source 1.2.3.4

This gives no error message, and the rule is indeed gone.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170521/a5b2dadf/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1150

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
Do you use 4.11 kernel? If so, this is most likely fixed by:

https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=324318f0248c31be8a08984146e7e4dd7cdd091d

nevertheless, this should also be fixed on iptables side.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170521/e7598187/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1150

--- Comment #2 from G�ran Uddeborg <goeran at uddeborg.se>
---
> Do you use 4.11 kernel?
I guess "almost" is an appropriate answer :-), more exactly:
4.11.0-0.rc8.git0.1.fc26.x86_64

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170521/8fbf76ce/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1150

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190910/b739d777/attachment.html>