bugzilla-daemon at netfilter.org
2013-Oct-24 18:42 UTC
[Bug 868] New: Null pointer segfault in netlink code
https://bugzilla.netfilter.org/show_bug.cgi?id=868
Summary: Null pointer segfault in netlink code
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: john at sager.me.uk
Estimated Hours: 0.0
In returning set information, the kernel omits the FLAGS attribute if it is
zero (nf_tables_fill_set() in nf_tables_api.c). Consequently, calls to
nft_set_attr_get_u32() in netlink.c fail because that routine (in libnftables)
dereferences a null pointer returned by nft_set_attr_get(). I fixed it in nft
by calling nft_set_attr_is_set() to test for the attribute's existence. It
could also be fixed in the kernel by unconditionally sending the FLAGS
attribute even if it is zero. Also, it might be worth putting in some more error
checking for missing attributes (do any others get conditionally left out?).
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2013-Oct-25 15:16 UTC
[Bug 868] Null pointer segfault in netlink code
https://bugzilla.netfilter.org/show_bug.cgi?id=868
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> 2013-10-25
17:16:16 CEST ---
Either way (forcing this SET field in the kernel or checking in nft) seems fine
to me.
Patch to address this is welcome.
bugzilla-daemon at netfilter.org
2013-Oct-25 16:26 UTC
[Bug 868] Null pointer segfault in netlink code
https://bugzilla.netfilter.org/show_bug.cgi?id=868
--- Comment #2 from Phil Oester <netfilter at linuxace.com> 2013-10-25
18:26:15 CEST ---
Created attachment 418
  --> https://bugzilla.netfilter.org/attachment.cgi?id=418
Proposed libnftables patch
Attached should fix this issue.
bugzilla-daemon at netfilter.org
2013-Oct-25 16:27 UTC
[Bug 868] Null pointer segfault in netlink code
https://bugzilla.netfilter.org/show_bug.cgi?id=868
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ave_it_son1 at hotmail.com
--- Comment #3 from Phil Oester <netfilter at linuxace.com> 2013-10-25
18:27:16 CEST ---
*** Bug 869 has been marked as a duplicate of this bug. ***
bugzilla-daemon at netfilter.org
2013-Oct-25 17:01 UTC
[Bug 868] Null pointer segfault in netlink code
https://bugzilla.netfilter.org/show_bug.cgi?id=868
--- Comment #4 from John Sager <john at sager.me.uk> 2013-10-25
19:01:14 CEST ---
Phil's patch to libnftables is more generic than fixing it in the kernel, as it
will deal with any missing u32 attributes. Does it need the same fix in
nft_set_attr_get_str()?
bugzilla-daemon at netfilter.org
2013-Oct-28 23:06 UTC
[Bug 868] Null pointer segfault in netlink code
https://bugzilla.netfilter.org/show_bug.cgi?id=868
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
CC| |netfilter at linuxace.com
Resolution| |FIXED
--- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-10-29
00:06:12 CET ---
Fixed in commit fe59236952 (src: fix possible null pointer dereference in
nft_*_attr_get_*). Closing.
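Added example, not part of the thread and not libnftables or nft code: a minimal C model of the pattern reported above (sender omits a zero-valued attribute, generic getter returns NULL, typed getter dereferences it) next to the caller-side presence check and a NULL-safe typed getter. Every demo_* name is hypothetical, and returning 0 for an absent attribute is an assumption based on the report that FLAGS is only omitted when it is zero.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a set object; not libnftables' real structures. */
enum demo_attr { DEMO_ATTR_FAMILY, DEMO_ATTR_FLAGS, DEMO_ATTR_MAX };
struct demo_set {
    uint32_t present;              /* bit i set => attribute i was received */
    uint32_t val[DEMO_ATTR_MAX];
};

/* Sender side: as in the report, FLAGS is left out of the message when zero. */
void demo_fill(struct demo_set *s, uint32_t family, uint32_t flags)
{
    s->present = 1u << DEMO_ATTR_FAMILY;
    s->val[DEMO_ATTR_FAMILY] = family;
    if (flags != 0) {
        s->present |= 1u << DEMO_ATTR_FLAGS;
        s->val[DEMO_ATTR_FLAGS] = flags;
    }
}

/* Caller-side fix: test for the attribute before asking for its value. */
bool demo_attr_is_set(const struct demo_set *s, enum demo_attr a)
{
    return (s->present & (1u << a)) != 0;
}

/* Generic getter: NULL means "attribute absent". */
const void *demo_attr_get(const struct demo_set *s, enum demo_attr a)
{
    return demo_attr_is_set(s, a) ? &s->val[a] : NULL;
}

/* Crash pattern: dereferences whatever the generic getter returned. */
uint32_t demo_attr_get_u32_unchecked(const struct demo_set *s, enum demo_attr a)
{
    return *(const uint32_t *)demo_attr_get(s, a);
}

/* Library-side fix: absent attribute yields 0 (assumed default), no NULL deref. */
uint32_t demo_attr_get_u32(const struct demo_set *s, enum demo_attr a)
{
    const uint32_t *p = demo_attr_get(s, a);
    return p ? *p : 0;
}

int main(void)
{
    struct demo_set s;
    demo_fill(&s, 2, 0);           /* constructed input: flags == 0, so FLAGS is absent */
    return demo_attr_get_u32(&s, DEMO_ATTR_FLAGS) == 0 ? 0 : 1;
}
```

The library-side check covers every caller of the typed getter, while the caller-side check only protects the call sites that remember to use it.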