bugzilla-daemon at netfilter.org
2018-Jan-14  16:07 UTC
[Bug 1215] New: nft -c "" segfaults
https://bugzilla.netfilter.org/show_bug.cgi?id=1215
            Bug ID: 1215
           Summary: nft -c "" segfaults
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: najamelan at autistici.org
I'm trying to use nft -c to verify an autogenerated variable which is a set of "ipv4 . port".
But the nft -c utility segfaults. It doesn't seem to segfault when the input is invalid; I see:
> nft -c "\;"
Error: syntax error, unexpected junk
\;
^
but:
> nft -c ";"
fish: “nft -c ";"” terminated by signal SIGSEGV (Address boundary error)
and basically for any other valid input including the empty string.
Journalctl shows:
Stack trace of thread 7337:
#0  0x00007fd0f2abef10 mnl_socket_get_fd (libmnl.so.0)
#1  0x0000557b554d78a3 n/a (nft)
#2  0x0000557b554b68b8 n/a (nft)
#3  0x0000557b554b62c5 n/a (nft)
#4  0x00007fd0f201bf4a __libc_start_main (libc.so.6)
#5  0x0000557b554b654a n/a (nft)
# nft --version
nftables v0.8 (Joe Btfsplk)
# ldd (which nft)
    linux-vdso.so.1 (0x00007ffccf0dc000)
    libmnl.so.0 => /usr/lib/libmnl.so.0 (0x00007f56823b5000)
    libnftnl.so.7 => /usr/lib/libnftnl.so.7 (0x00007f568218b000)
    libreadline.so.7 => /usr/lib/libreadline.so.7 (0x00007f5681f3d000)
    libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007f5681caa000)
    libc.so.6 => /usr/lib/libc.so.6 (0x00007f56818f3000)
    libncursesw.so.6 => /usr/lib/libncursesw.so.6 (0x00007f56816bb000)
    /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f5682834000)
    libtinfo.so.6 => /usr/lib/libtinfo.so.6 (0x00007f568148f000)
# uname --all
Linux computer 4.14.13-1-ARCH #1 SMP PREEMPT Wed Jan 10 11:14:50 UTC 2018 x86_64 GNU/Linux
I first ran into nft -c segfaulting when trying to test my set of IPs, which is quite big (about 12000 entries). The core dump was different than for the little tests shown above. I don't know if it's the same bug, so this is the core dump:
Stack trace of thread 5796:
#0  0x00007f1d8d726bc0 mnl_nlmsg_batch_is_empty (libmnl.so.0)
#1  0x00007f1d8d5028b1 nftnl_batch_iovec_len (libnftnl.so.7)
#2  0x0000564bd1eb190d n/a (nft)
#3  0x0000564bd1e908b8 n/a (nft)
#4  0x0000564bd1e904e0 n/a (nft)
#5  0x00007f1d8cc82f4a __libc_start_main (libc.so.6)
#6  0x0000564bd1e9054a n/a (nft)
--- Comment #1 from Naja Melan <najamelan at autistici.org> ---
I now see I get certain inputs that don't segfault:
nft -c "table inet filter {}"
Maybe it segfaults when there is no table, when there is just something like a variable define statement or an empty string.
Florian Westphal <fw at strlen.de> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED
                 CC|                            |fw at strlen.de
--- Comment #2 from Florian Westphal <fw at strlen.de> ---
fixed in 0.8.3, thanks for reporting this bug.