FS#47289 - [nftables] Segfault when loading rules with ip sets

Attached to Project: Arch Linux
Opened by Henrik Juul Pedersen (henrikjuul) - Monday, 07 December 2015, 10:49 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 07 December 2015, 22:39 GMT
Task Type: Bug Report
Category: Upstream Bugs
Status: Closed
Assigned To: Sébastien Luttringer (seblu)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
nft version 0.5 segfaults when loading rules containing sets.

See also:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801087

Fixed upstream in patch:
http://git.netfilter.org/nftables/commit/src/expression.c?id=e6c83f45f522283c7afff4de7a71113116352dbf

Could we consider applying the patch until next release from upstream?



Steps to reproduce (from the above commit log):
define addrs={ 1.2.3.4 }
table ip filter {
    chain input {
        type filter hook input priority 0;
        ip saddr $addrs accept
    }
}

segfaults. Using saddr { 1.2.3.4 } instead of $addrs works.


Thanks,
/Henrik

Closed by Sébastien Luttringer (seblu)
Monday, 07 December 2015, 22:39 GMT
Reason for closing: Fixed
Additional comments about closing: 1:0.5-2
