bugzilla-daemon at netfilter.org
2018-Feb-01 12:41 UTC
[Bug 1222] New: nft list ruleset – infinite memory use
https://bugzilla.netfilter.org/show_bug.cgi?id=1222 Bug ID: 1222 Summary: nft list ruleset – infinite memory use Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: grawity at gmail.com When this specific rule is inserted, trying to view it using `nft list ruleset` causes the nft client to start allocating infinite amounts of RAM: --- table inet filter { chain input { ct original ip daddr {1.2.3.4} accept } } --- (The {set} is important – a standalone address doesn't cause this issue.) nft debug output ends with: --- ... Evaluate list list ruleset ^^^^^^^^^^^^^ inet filter input 2 [ ct load l3protocol => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ ct load dst => reg 1 , dir original ] [ lookup reg 1 set __set0 0x0 ] [ immediate reg 0 accept ] <begins eating memory at this point> --- nftables 0.8.1 libnftnl 1.0.9 linux 4.9.78, 4.13.13 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180201/7dbe4cc2/attachment.html>
bugzilla-daemon at netfilter.org
2018-Feb-01 12:54 UTC
[Bug 1222] nft list ruleset – infinite memory use
https://bugzilla.netfilter.org/show_bug.cgi?id=1222 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- Reproducible here. We're hitting an infinite loop in netlink_parse_concat_expr(). len is never updated, so while (len > 0) always evaluates true. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180201/55fbe2ce/attachment.html>
bugzilla-daemon at netfilter.org
2018-Feb-01 23:54 UTC
[Bug 1222] nft list ruleset – infinite memory use
https://bugzilla.netfilter.org/show_bug.cgi?id=1222 --- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> --- For the record. This fixes the infinite loop. diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 2637f4baaec4..5ad3192a57aa 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -307,7 +307,7 @@ static void netlink_parse_lookup(struct netlink_parse_ctx *ctx, return netlink_error(ctx, loc, "Lookup expression has no left hand side"); - if (left->len < set->key->len) { + if (left->len > 0 && left->len < set->key->len) { left = netlink_parse_concat_expr(ctx, loc, sreg, set->key->len); if (left == NULL) return; However, this is still broken with ct saddr and concatenations. Still considering here where to go with this bug report. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180201/0b050fd5/attachment.html>
bugzilla-daemon at netfilter.org
2018-Feb-02 13:33 UTC
[Bug 1222] nft list ruleset – infinite memory use
https://bugzilla.netfilter.org/show_bug.cgi?id=1222 --- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> --- Not definitive solution, but let's just make sure we don't hit this infinite loop. https://patchwork.ozlabs.org/patch/868556/ -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180202/5474c631/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-16 16:02 UTC
[Bug 1222] nft list ruleset – infinite memory use
https://bugzilla.netfilter.org/show_bug.cgi?id=1222 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |FIXED CC| |fw at strlen.de --- Comment #4 from Florian Westphal <fw at strlen.de> --- (In reply to grawity from comment #0)> When this specific rule is inserted, trying to view it using `nft list > ruleset` causes the nft client to start allocating infinite amounts of RAM: > > --- > table inet filter { > chain input { > ct original ip daddr {1.2.3.4} accept > } > }This is now fixed in nftables git master via http://git.netfilter.org/nftables/commit/?id=87c0bee7f04917623c35e850ad223222a93520d1 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190716/11331bc5/attachment.html>
Possibly Parallel Threads
- [Bug 1406] New: nft dies with an assertion of consumed > 0
- [Bug 935] New: Frag: problem with frag-off
- [Bug 936] New: frag: "more-fragments" and "reserved" are not identified by nftables
- [Bug 1330] New: Parse error for importing set with netmask
- [Bug 1429] New: Empty file in source directory - 'netlink_delinearize.'