[Bug 619] New: If /proc/sys/kernel/modprobe is absent, errno is clobbered in get_modprobe

bugzilla-daemon at bugzilla.netfilter.org
Mon Nov 9 01:34:08 CET 2009


http://bugzilla.netfilter.org/show_bug.cgi?id=619

           Summary: If /proc/sys/kernel/modprobe is absent, errno is
                    clobbered in get_modprobe
           Product: iptables
           Version: 1.3.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P1
         Component: iptables
        AssignedTo: laforge at netfilter.org
        ReportedBy: rbarnhardt at bluecatnetworks.com


In do_command(), if iptc_init() fails, it's expected that errno will be set to
a useful value that is printed by xtables_error().

However, when iptc_init() fails for the first time, an attempt is made to load
the ip_tables module via xtables_load_ko(), which in turn calls
xtables_insmod(), which calls get_modprobe() to get the path of the binary from
the proc filesystem (if it wasn't explicitly specified with --modprobe).  To
that end, get_modprobe() attempts to open() /proc/sys/kernel/modprobe, which
may be absent (e.g. if LKM support is not enabled).  In that case, the failed
open() will set errno to ENOENT, clobbering whatever value it may have held
from the first failed call to iptc_init().  

This will result in a confusing error being reported...

iptables vx.x.x: can't initialize iptables table 'filter': No
chain/target/match by that name

...when the original problem in iptc_init() may have been something else
entirely (e.g. ENOMEM).


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
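
The errno-clobbering sequence described in the report above, as an added C example that is not part of the original bug report or the iptables source. `fake_table_init()`, `fake_get_modprobe()` and the absent path are hypothetical stand-ins, and the save/restore in `init_preserved()` is one common way to keep the first error, not the project's actual fix.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Constructed path that never exists; stands in for the absent proc file. */
#define ABSENT_MODPROBE_PATH "/nonexistent-example-dir/modprobe"

/* Hypothetical stand-in for a failing iptc_init(): sets errno to ENOMEM. */
static int fake_table_init(void)
{
    errno = ENOMEM;
    return -1;
}

/* Hypothetical stand-in for get_modprobe(): a failed open() sets errno. */
static int fake_get_modprobe(void)
{
    int fd = open(ABSENT_MODPROBE_PATH, O_RDONLY);
    if (fd < 0)
        return -1;      /* errno is now ENOENT */
    close(fd);
    return 0;
}

/* Sequence from the report: the fallback runs before errno is reported. */
int init_clobbered(void)
{
    if (fake_table_init() < 0 && fake_get_modprobe() < 0)
        return errno;   /* the fallback's ENOENT, not the original ENOMEM */
    return 0;
}

/* Save errno before the fallback and restore it when the fallback fails. */
int init_preserved(void)
{
    if (fake_table_init() < 0) {
        int saved = errno;
        if (fake_get_modprobe() < 0)
            return errno = saved;   /* restore, then report the first error */
    }
    return 0;
}

int main(void)
{
    printf("clobbered: %s\n", strerror(init_clobbered()));
    printf("preserved: %s\n", strerror(init_preserved()));
    return 0;
}
```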


