Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#64755 - [iptables-nft] segfaults on restore with certain input

Attached to Project: Arch Linux
Opened by Jason A. Donenfeld (zx2c4) - Friday, 06 December 2019, 17:34 GMT
Last edited by freswa (frederik) - Wednesday, 12 February 2020, 11:24 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Jan Alexander Steffens (heftig)
Bartłomiej Piotrowski (Barthalion)
Architecture x86_64
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Here's a minimal reproducer:

printf '*filter\nCOMMIT\n*raw\nCOMMIT\n*mangle\nCOMMIT\n' | sudo iptables-nft-restore -n

Here's a backtrace:

(gdb) run -n /root/blah
Starting program: /usr/bin/iptables-restore -n /root/blah

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f98cc9 in nftnl_table_list_free () from /usr/lib/libnftnl.so.11
(gdb) bt
#0 0x00007ffff7f98cc9 in nftnl_table_list_free () from /usr/lib/libnftnl.so.11
#1 0x0000555555564546 in ?? ()
#2 0x0000555555567f21 in ?? ()
#3 0x000055555556082a in ?? ()
#4 0x0000555555561063 in ?? ()
#5 0x00007ffff7dd9153 in __libc_start_main () from /usr/lib/libc.so.6
#6 0x000055555555c07e in ?? ()
This task depends upon

Closed by  freswa (frederik)
Wednesday, 12 February 2020, 11:24 GMT
Reason for closing:  Fixed
Additional comments about closing:  1:1.8.4-1
Comment by Philip Müller (philm) - Friday, 17 January 2020, 10:28 GMT
See here: https://bugzilla.netfilter.org/show_bug.cgi?id=1394 For now only a downgrade to 1.8.3 can act as a workaround. The regression was introduced with 1.8.4
Comment by Michel Koss (MichelKoss1) - Friday, 31 January 2020, 18:02 GMT
@philm this bug report was opened against 1.8.3. 1.8.4 fixes the reproducer presented here. Bug you link to is different issue.

Loading...