bugzilla-daemon at netfilter.org
2014-May-28 18:16 UTC
[Bug 948] New: tcp doff option crashes nft
https://bugzilla.netfilter.org/show_bug.cgi?id=948

           Summary: tcp doff option crashes nft
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: anarey at gmail.com
   Estimated Hours: 0.0

There is a problem when we use the doff parameter:

* We add the following rule, and it shows this error:

$ sudo nft add rule ip test input tcp doff 33
==14515== Invalid read of size 4
==14515==    at 0x40D9E0: payload_expr_alloc (payload.c:111)
==14515==    by 0x41CB63: nft_parse (parser.y:1967)
==14515==    by 0x405BCF: nft_run (main.c:223)
==14515==    by 0x405854: main (main.c:334)
==14515==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==14515==
==14515==
==14515== Process terminating with default action of signal 11 (SIGSEGV)
==14515==  Access not within mapped region at address 0x4
==14515==    at 0x40D9E0: payload_expr_alloc (payload.c:111)
==14515==    by 0x41CB63: nft_parse (parser.y:1967)
==14515==    by 0x405BCF: nft_run (main.c:223)
==14515==    by 0x405854: main (main.c:334)
==14515==  If you believe this happened as a result of a stack
==14515==  overflow in your program's main thread (unlikely but
==14515==  possible), you can try to increase the size of the
==14515==  main thread stack using the --main-stacksize= flag.
==14515==  The main thread stack size used in this run was 8388608.

* Then we list the table, and it doesn't list this rule:

$ sudo nft list table ip test
table ip test {
        chain input {
        }
}