bugzilla-daemon at netfilter.org
2019-Dec-22 07:32 UTC
[Bug 1391] New: iptables-nft-restore --test can segfault
https://bugzilla.netfilter.org/show_bug.cgi?id=1391
Bug ID: 1391
Summary: iptables-nft-restore --test can segfault
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: normal
Priority: P5
Component: iptables over nftable
Assignee: pablo at netfilter.org
Reporter: kfm at plushkava.net
Upon first ever using iptables-nft-restore to test a long-standing production
ruleset, I encountered a segmentation fault. I have been able to reduce it to
this test case:
# printf '%s\nCOMMIT\n' '*nat' '*raw' '*filter'
| iptables-nft-restore --test
Omitting the --test option prevents the segfault from occurring.
Currently, I am testing with a Gentoo Linux system that uses the following
components:
Linux 5.4.5
glibc-2.29
iptables-1.8.4
libmnl-1.0.4
libnfnetlink-1.0.1
libnftnl-1.1.5
Some additional details have been shared with Pablo via private correspondence.
I shall post them here, if requested.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191222/e814dfd8/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-15 22:22 UTC
[Bug 1391] iptables-nft-restore --test can segfault
https://bugzilla.netfilter.org/show_bug.cgi?id=1391
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pablo at netfilter.org,
| |phil at nwl.cc
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
I observe no crash in the iptables snapshot in git.
IIRC, this has been fixed in one of the recent patches from Phil.
It would great if we could have a shell test in the tree to cover this one.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200415/f28066e5/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-28 15:44 UTC
[Bug 1391] iptables-nft-restore --test can segfault
https://bugzilla.netfilter.org/show_bug.cgi?id=1391
Phil Sutter <phil at nwl.cc> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Phil Sutter <phil at nwl.cc> ---
Hi,
I just pushed a test case, the problem is indeed fixed meanwhile.
Thanks for reporting,
Phil
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200428/f4cf4cbd/attachment.html>
Possibly Parallel Threads
- [Bug 1734] New: nft set with auto-merge json import/export
- [Bug 914] New: nft configure does not use --prefix as include/lib search path
- [Bug 1481] New: [ebtables-nft] ebtables -E gives error
- [Bug 1281] New: Using kernel 4.18.10, nft commandline tool or nft -f can't parse negative priority values over -200.
- [Bug 1074] New: nft-0.{5, 6}: configure.ac: Replace automagic dblatex dependency with configure switch