bugzilla-daemon at netfilter.org
2018-Jan-14 16:07 UTC
[Bug 1215] New: nft -c "" segfaults
https://bugzilla.netfilter.org/show_bug.cgi?id=1215 Bug ID: 1215 Summary: nft -c "" segfaults Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: najamelan at autistici.org I'm trying to use nft -c to verify an autogenerated variable which is a set of "ipv4 . port". But the nft -c utility segfaults. It doesn't seem to segfault when the input is invalid, I see:> nft -c "\;"Error: syntax error, unexpected junk \; ^ but:> nft -c ";"fish: “nft -c ";"” terminated by signal SIGSEGV (Address boundary error) and basically for any other valid input including the empty string. Journalctl shows: Stack trace of thread 7337: #0 0x00007fd0f2abef10 mnl_socket_get_fd (libmnl.so.0) #1 0x0000557b554d78a3 n/a (nft) #2 0x0000557b554b68b8 n/a (nft) #3 0x0000557b554b62c5 n/a (nft) #4 0x00007fd0f201bf4a __libc_start_main (libc.so.6) #5 0x0000557b554b654a n/a (nft) # nft --version nftables v0.8 (Joe Btfsplk) # ldd (which nft) linux-vdso.so.1 (0x00007ffccf0dc000) libmnl.so.0 => /usr/lib/libmnl.so.0 (0x00007f56823b5000) libnftnl.so.7 => /usr/lib/libnftnl.so.7 (0x00007f568218b000) libreadline.so.7 => /usr/lib/libreadline.so.7 (0x00007f5681f3d000) libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007f5681caa000) libc.so.6 => /usr/lib/libc.so.6 (0x00007f56818f3000) libncursesw.so.6 => /usr/lib/libncursesw.so.6 (0x00007f56816bb000) /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f5682834000) libtinfo.so.6 => /usr/lib/libtinfo.so.6 (0x00007f568148f000) # uname --all Linux computer 4.14.13-1-ARCH #1 SMP PREEMPT Wed Jan 10 11:14:50 UTC 2018 x86_64 GNU/Linux I first ran into nft -c segfaulting when trying to test my set of ip's which is quite big (about 12000) entries. The core dump was different than for the little tests shown above. I don't know if it's the same bug, so this is the core dump: Stack trace of thread 5796: #0 0x00007f1d8d726bc0 mnl_nlmsg_batch_is_empty (libmnl.so.0) #1 0x00007f1d8d5028b1 nftnl_batch_iovec_len (libnftnl.so.7) #2 0x0000564bd1eb190d n/a (nft) #3 0x0000564bd1e908b8 n/a (nft) #4 0x0000564bd1e904e0 n/a (nft) #5 0x00007f1d8cc82f4a __libc_start_main (libc.so.6) #6 0x0000564bd1e9054a n/a (nft) -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180114/4c2464f2/attachment.html>
https://bugzilla.netfilter.org/show_bug.cgi?id=1215 --- Comment #1 from Naja Melan <najamelan at autistici.org> --- I now see I get certain inputs that don't segfault: nft -c "table inet filter {}" Maybe it segfaults when there is no table. When there is just like a variable define statement or an empty string. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180116/8c7257db/attachment.html>
https://bugzilla.netfilter.org/show_bug.cgi?id=1215 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED CC| |fw at strlen.de --- Comment #2 from Florian Westphal <fw at strlen.de> --- fixed in 0.8.3, thanks for reporting this bug. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180303/4d4f927d/attachment.html>