bugzilla-daemon at netfilter.org
2019-Jun-19 18:33 UTC
[Bug 1344] New: Segmentation fault in nft add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
https://bugzilla.netfilter.org/show_bug.cgi?id=1344
Bug ID: 1344
Summary: Segmentation fault in nft add rule ip ipv4table
ipv4chain-1 tcp sport { 12345-54321 }
Product: nftables
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: sbezverk at cisco.com
According to documentation ` tcp sport { 12345-54321 }` should be supported but
it fails with Segmentation Fault.
See debug below:
sudo nft --debug all add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321
}
Entering state 0
Reducing stack by rule 1 (line 747):
-> $$ = nterm input (: )
Stack now 0
Entering state 1
Reading a token: --accepting rule at line 275 ("add")
Next token is token "add" (: )
Shifting token "add" (: )
Entering state 19
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 249 ("rule")
Next token is token "rule" (: )
Shifting token "rule" (: )
Entering state 12
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 388 ("ip")
Next token is token "ip" (: )
Shifting token "ip" (: )
Entering state 35
Reducing stack by rule 246 (line 1845):
$1 = token "ip" (: )
-> $$ = nterm family_spec_explicit (: )
Stack now 0 1 19 12
Entering state 47
Reducing stack by rule 245 (line 1842):
$1 = nterm family_spec_explicit (: )
-> $$ = nterm family_spec (: )
Stack now 0 1 19 12
Entering state 46
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 602 ("ipv4table")
Next token is token "string" (: )
Shifting token "string" (: )
Entering state 53
Reducing stack by rule 239 (line 1818):
$1 = token "string" (: )
-> $$ = nterm identifier (: )
Stack now 0 1 19 12 46
Entering state 250
Reducing stack by rule 252 (line 1853):
$1 = nterm family_spec (: )
$2 = nterm identifier (: )
-> $$ = nterm table_spec (: )
Stack now 0 1 19 12
Entering state 48
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 602 ("ipv4chain-1")
Next token is token "string" (: )
Shifting token "string" (: )
Entering state 53
Reducing stack by rule 239 (line 1818):
$1 = token "string" (: )
-> $$ = nterm identifier (: )
Stack now 0 1 19 12 48
Entering state 251
Reducing stack by rule 254 (line 1871):
$1 = nterm table_spec (: )
$2 = nterm identifier (: )
-> $$ = nterm chain_spec (: )
Stack now 0 1 19 12
Entering state 49
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 449 ("tcp")
Next token is token "tcp" (: )
Reducing stack by rule 268 (line 1982):
$1 = nterm chain_spec (: )
-> $$ = nterm rule_position (: )
Stack now 0 1 19 12
Entering state 59
Next token is token "tcp" (: )
Shifting token "tcp" (: )
Entering state 151
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 446 ("sport")
Next token is token "sport" (: )
Shifting token "sport" (: )
Entering state 522
Reducing stack by rule 811 (line 3949):
$1 = token "sport" (: )
-> $$ = nterm tcp_hdr_field (: )
Stack now 0 1 19 12 59 151
Entering state 529
Reducing stack by rule 808 (line 3934):
$1 = token "tcp" (: )
$2 = nterm tcp_hdr_field (: )
-> $$ = nterm tcp_hdr_expr (: )
Stack now 0 1 19 12 59
Entering state 218
Reducing stack by rule 723 (line 3754):
$1 = nterm tcp_hdr_expr (: )
-> $$ = nterm payload_expr (: )
Stack now 0 1 19 12 59
Entering state 333
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 209 ("{")
Next token is token '{' (: )
Reducing stack by rule 477 (line 2898):
$1 = nterm payload_expr (: )
-> $$ = nterm primary_expr (: )
Stack now 0 1 19 12 59
Entering state 317
Reducing stack by rule 499 (line 2953):
$1 = nterm primary_expr (: )
-> $$ = nterm shift_expr (: )
Stack now 0 1 19 12 59
Entering state 318
Next token is token '{' (: )
Reducing stack by rule 502 (line 2964):
$1 = nterm shift_expr (: )
-> $$ = nterm and_expr (: )
Stack now 0 1 19 12 59
Entering state 319
Next token is token '{' (: )
Reducing stack by rule 504 (line 2971):
$1 = nterm and_expr (: )
-> $$ = nterm exclusive_or_expr (: )
Stack now 0 1 19 12 59
Entering state 320
Next token is token '{' (: )
Reducing stack by rule 506 (line 2978):
$1 = nterm exclusive_or_expr (: )
-> $$ = nterm inclusive_or_expr (: )
Stack now 0 1 19 12 59
Entering state 321
Next token is token '{' (: )
Reducing stack by rule 508 (line 2985):
$1 = nterm inclusive_or_expr (: )
-> $$ = nterm basic_expr (: )
Stack now 0 1 19 12 59
Entering state 322
Reducing stack by rule 509 (line 2988):
$1 = nterm basic_expr (: )
-> $$ = nterm concat_expr (: )
Stack now 0 1 19 12 59
Entering state 323
Next token is token '{' (: )
Reducing stack by rule 517 (line 3031):
$1 = nterm concat_expr (: )
-> $$ = nterm expr (: )
Stack now 0 1 19 12 59
Entering state 325
Next token is token '{' (: )
Shifting token '{' (: )
Entering state 284
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 566 ("12345")
Next token is token "number" (: )
Reducing stack by rule 6 (line 771):
-> $$ = nterm opt_newline (: )
Stack now 0 1 19 12 59 325 284
Entering state 672
Next token is token "number" (: )
Shifting token "number" (: )
Entering state 135
Reducing stack by rule 474 (line 2885):
$1 = token "number" (: )
-> $$ = nterm integer_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 791
Reducing stack by rule 593 (line 3365):
$1 = nterm integer_expr (: )
-> $$ = nterm primary_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 806
Reducing stack by rule 565 (line 3283):
$1 = nterm primary_rhs_expr (: )
-> $$ = nterm shift_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 798
Reading a token: --accepting rule at line 228 ("-")
Next token is token "-" (: )
Reducing stack by rule 568 (line 3294):
$1 = nterm shift_rhs_expr (: )
-> $$ = nterm and_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 799
Next token is token "-" (: )
Reducing stack by rule 570 (line 3301):
$1 = nterm and_rhs_expr (: )
-> $$ = nterm exclusive_or_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 800
Next token is token "-" (: )
Reducing stack by rule 572 (line 3308):
$1 = nterm exclusive_or_rhs_expr (: )
-> $$ = nterm inclusive_or_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 801
Next token is token "-" (: )
Reducing stack by rule 574 (line 3315):
$1 = nterm inclusive_or_rhs_expr (: )
-> $$ = nterm basic_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 919
Next token is token "-" (: )
Shifting token "-" (: )
Entering state 989
Reading a token: --accepting rule at line 566 ("54321")
Next token is token "number" (: )
Shifting token "number" (: )
Entering state 135
Reducing stack by rule 474 (line 2885):
$1 = token "number" (: )
-> $$ = nterm integer_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 791
Reducing stack by rule 593 (line 3365):
$1 = nterm integer_expr (: )
-> $$ = nterm primary_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 806
Reducing stack by rule 565 (line 3283):
$1 = nterm primary_rhs_expr (: )
-> $$ = nterm shift_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 798
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 210 ("}")
Next token is token '}' (: )
Reducing stack by rule 568 (line 3294):
$1 = nterm shift_rhs_expr (: )
-> $$ = nterm and_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 799
Next token is token '}' (: )
Reducing stack by rule 570 (line 3301):
$1 = nterm and_rhs_expr (: )
-> $$ = nterm exclusive_or_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 800
Next token is token '}' (: )
Reducing stack by rule 572 (line 3308):
$1 = nterm exclusive_or_rhs_expr (: )
-> $$ = nterm inclusive_or_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 801
Next token is token '}' (: )
Reducing stack by rule 574 (line 3315):
$1 = nterm inclusive_or_rhs_expr (: )
-> $$ = nterm basic_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672 919 989
Entering state 1113
Reducing stack by rule 512 (line 3014):
$1 = nterm basic_rhs_expr (: )
$2 = token "-" (: )
$3 = nterm basic_rhs_expr (: )
-> $$ = nterm range_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 793
Reducing stack by rule 514 (line 3021):
$1 = nterm range_rhs_expr (: )
-> $$ = nterm multiton_rhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 914
Reducing stack by rule 538 (line 3112):
$1 = nterm multiton_rhs_expr (: )
-> $$ = nterm set_lhs_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 918
Reducing stack by rule 532 (line 3088):
$1 = nterm set_lhs_expr (: )
-> $$ = nterm set_elem_expr_alloc (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 917
Next token is token '}' (: )
Reducing stack by rule 530 (line 3084):
$1 = nterm set_elem_expr_alloc (: )
-> $$ = nterm set_elem_expr (: )
Stack now 0 1 19 12 59 325 284 672
Entering state 916
Next token is token '}' (: )
Reducing stack by rule 6 (line 771):
-> $$ = nterm opt_newline (: )
Stack now 0 1 19 12 59 325 284 672 916
Entering state 1061
Reducing stack by rule 525 (line 3060):
$1 = nterm opt_newline (: )
$2 = nterm set_elem_expr (: )
$3 = nterm opt_newline (: )
-> $$ = nterm set_list_member_expr (: )
Stack now 0 1 19 12 59 325 284
Entering state 674
Reducing stack by rule 521 (line 3043):
$1 = nterm set_list_member_expr (: )
-> $$ = nterm set_list_expr (: )
Stack now 0 1 19 12 59 325 284
Entering state 673
Next token is token '}' (: )
Shifting token '}' (: )
Entering state 922
Reducing stack by rule 520 (line 3036):
$1 = token '{' (: )
$2 = nterm set_list_expr (: )
$3 = token '}' (: )
-> $$ = nterm set_expr (: )
Stack now 0 1 19 12 59 325
Entering state 795
Reducing stack by rule 564 (line 3280):
$1 = nterm set_expr (: )
-> $$ = nterm rhs_expr (: )
Stack now 0 1 19 12 59 325
Entering state 797
Reducing stack by rule 556 (line 3246):
$1 = nterm expr (: )
$2 = nterm rhs_expr (: )
-> $$ = nterm relational_expr (: )
Stack now 0 1 19 12 59
Entering state 327
Reducing stack by rule 469 (line 2844):
$1 = nterm relational_expr (: )
-> $$ = nterm match_stmt (: )
Stack now 0 1 19 12 59
Entering state 316
Reducing stack by rule 282 (line 2072):
$1 = nterm match_stmt (: )
-> $$ = nterm stmt (: )
Stack now 0 1 19 12 59
Entering state 288
Reducing stack by rule 279 (line 2058):
$1 = nterm stmt (: )
-> $$ = nterm stmt_list (: )
Stack now 0 1 19 12 59
Entering state 287
Reading a token: --accepting rule at line 611 ("
")
Next token is token "newline" (: )
Reducing stack by rule 278 (line 2046):
$1 = nterm stmt_list (: )
-> $$ = nterm rule_alloc (: )
Stack now 0 1 19 12 59
Entering state 286
Next token is token "newline" (: )
Reducing stack by rule 276 (line 2036):
$1 = nterm rule_alloc (: )
-> $$ = nterm rule (: )
Stack now 0 1 19 12 59
Entering state 340
Reducing stack by rule 35 (line 897):
$1 = token "rule" (: )
$2 = nterm rule_position (: )
$3 = nterm rule (: )
-> $$ = nterm add_cmd (: )
Stack now 0 1 19
Entering state 66
Reducing stack by rule 17 (line 858):
$1 = token "add" (: )
$2 = nterm add_cmd (: )
-> $$ = nterm base_cmd (: )
Stack now 0 1
Entering state 44
Next token is token "newline" (: )
Shifting token "newline" (: )
Entering state 4
Reducing stack by rule 3 (line 766):
$1 = token "newline" (: )
-> $$ = nterm stmt_separator (: )
Stack now 0 1 44
Entering state 249
Reducing stack by rule 14 (line 824):
$1 = nterm base_cmd (: )
$2 = nterm stmt_separator (: )
-> $$ = nterm line (: )
Stack now 0 1
Entering state 43
Reducing stack by rule 2 (line 748):
$1 = nterm input (: )
$2 = nterm line (: )
Evaluate add
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
update network layer protocol context:
link layer : none
network layer : ip <-
transport layer : none
Evaluate expression
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^^^^^^^^^^^^^^^^^
tcp sport { $12345-$54321 }
Evaluate relational
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^^^^^^^^^^^^^^^^^
tcp sport { $12345-$54321 }
Evaluate payload
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^
tcp sport
Evaluate expression
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^
meta l4proto tcp
Evaluate relational
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^
meta l4proto tcp
Evaluate meta
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^
meta l4proto
Evaluate value
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^
tcp
update transport layer protocol context:
link layer : none
network layer : ip
transport layer : tcp <-
update transport layer protocol context:
link layer : none
network layer : ip
transport layer : tcp <-
Evaluate set
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^^^^^^^
{ $12345-$54321 }
Evaluate set element
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^^^
$12345-$54321
Evaluate range
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^^^^^^^
$12345-$54321
Evaluate symbol
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^
$12345
Evaluate value
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^
12345
Evaluate symbol
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^
$54321
Evaluate value
add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
^^^^^
54321
-> $$ = nterm input (: )
Stack now 0
Entering state 1
Reading a token: --(end of buffer or a NUL)
--EOF (start condition 0)
Now at end of input.
Shifting token "end of file" (: )
Entering state 2
Stack now 0 1 2
Cleanup: popping token "end of file" (: )
Cleanup: popping nterm input (: )
insert: [3039 d431]
iter: [3039 d431]
list: [0000 3038]
list: [3039 d431]
list: [d432 ffff]
Segmentation fault
Versions:
libnftables0/disco,now 0.9.0-2build1 amd64 [installed,automatic]
libnftnl11/disco,now 1.1.2-2 amd64 [installed,automatic]
nftables/disco,now 0.9.0-2build1 amd64 [installed]
modinfo nf_tables
filename: /lib/modules/5.0.0-16-generic/kernel/net/netfilter/nf_tables.ko
alias: nfnetlink-subsys-10
author: Patrick McHardy <kaber at trash.net>
license: GPL
srcversion: 5E084112980A8EDE80BA526
depends: nfnetlink
retpoline: Y
intree: Y
name: nf_tables
vermagic: 5.0.0-16-generic SMP mod_unload
Linux ubuntu 5.0.0-16-generic #17-Ubuntu SMP Wed May 15 10:52:21 UTC 2019
x86_64 x86_64 x86_64 GNU/Linux
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190619/996d32bc/attachment-0001.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 10:11 UTC
[Bug 1344] Segmentation fault in nft add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
https://bugzilla.netfilter.org/show_bug.cgi?id=1344
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
I cannot reproduce this crash with nftables 0.9.1
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/488ba477/attachment-0001.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 10:11 UTC
[Bug 1344] Segmentation fault in nft add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
https://bugzilla.netfilter.org/show_bug.cgi?id=1344
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|ASSIGNED |RESOLVED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/d174d5d3/attachment.html>
Apparently Analagous Threads
- [Bug 953] New: Meta priority parsing is broken
- [Bug 1396] New: When rule with 3 concat elements are added, nft list shows only 2
- [Bug 1395] New: Add element fails with Error: Could not process rule: Invalid argument
- survival package - pspline
- [Bug 950] New: ct status