bugzilla-daemon at netfilter.org
2019-Dec-22 07:32 UTC
[Bug 1391] New: iptables-nft-restore --test can segfault
https://bugzilla.netfilter.org/show_bug.cgi?id=1391

            Bug ID: 1391
           Summary: iptables-nft-restore --test can segfault
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Gentoo
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

Upon first ever using iptables-nft-restore to test a long-standing production ruleset, I encountered a segmentation fault. I have been able to reduce it to this test case:

# printf '%s\nCOMMIT\n' '*nat' '*raw' '*filter' | iptables-nft-restore --test

Omitting the --test option prevents the segfault from occurring.

Currently, I am testing with a Gentoo Linux system that uses the following components:

Linux 5.4.5
glibc-2.29
iptables-1.8.4
libmnl-1.0.4
libnfnetlink-1.0.1
libnftnl-1.1.5

Some additional details have been shared with Pablo via private correspondence. I shall post them here, if requested.

bugzilla-daemon at netfilter.org
2020-Apr-15 22:22 UTC
[Bug 1391] iptables-nft-restore --test can segfault
https://bugzilla.netfilter.org/show_bug.cgi?id=1391

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pablo at netfilter.org,
                   |                            |phil at nwl.cc

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
I observe no crash in the iptables snapshot in git. IIRC, this has been fixed in one of the recent patches from Phil.

It would be great if we could have a shell test in the tree to cover this one.

bugzilla-daemon at netfilter.org
2020-Apr-28 15:44 UTC
[Bug 1391] iptables-nft-restore --test can segfault
https://bugzilla.netfilter.org/show_bug.cgi?id=1391

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Phil Sutter <phil at nwl.cc> ---
Hi,

I just pushed a test case, the problem is indeed fixed meanwhile.

Thanks for reporting, Phil
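
Comment #1 asks for a shell test covering this crash. The following is an added example, not the test case mentioned in comment #2 and not code from the iptables tree: it pipes the reporter's reduced input into a given restore command and separates death by signal (shell status above 128, 139 for SIGSEGV) from an ordinary non-zero exit. The helper names reproducer and check_restore_test are assumptions made for this example.

```shell
#!/bin/sh
# Added example: regression check built around the reduced input from the report.
# reproducer and check_restore_test are hypothetical helper names.

# The reporter's reduced input: three table headers, each followed by COMMIT.
reproducer() {
    printf '%s\nCOMMIT\n' '*nat' '*raw' '*filter'
}

# Usage: check_restore_test CMD [ARGS...]
#   e.g. check_restore_test iptables-nft-restore --test
# Feeds the reproducer to CMD on stdin and classifies how CMD ended:
#   0  exited normally with status 0
#   1  killed by a signal (shell reports 128 + signal number, 139 = SIGSEGV)
#   2  exited normally with a non-zero status (input rejected, no privileges, ...)
#   3  could not be started (status 126 or 127)
check_restore_test() {
    _rc=0
    # "|| _rc=$?" keeps the check usable under "set -e".
    reproducer | "$@" >/dev/null 2>&1 || _rc=$?

    if [ "$_rc" -eq 0 ]; then
        return 0
    elif [ "$_rc" -eq 126 ] || [ "$_rc" -eq 127 ]; then
        echo "SKIP: cannot run: $*" >&2
        return 3
    elif [ "$_rc" -gt 128 ]; then
        echo "FAIL: $* died from signal $((_rc - 128))" >&2
        return 1
    else
        echo "NOTE: $* exited with status $_rc without crashing" >&2
        return 2
    fi
}
```

Return value 2 is kept apart from 1 on purpose: a parser that rejects the input is not the defect reported here, a process killed by a signal is.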