[Bug 1351] Segfault in v0.9.1

bugzilla-daemon at netfilter.org
Tue Jul 16 18:30:08 CEST 2019


--- Comment #1 from Florian Westphal <fw at strlen.de> ---
(In reply to 4bzilla from comment #0)
> OS: Arch Linux
> After updating to v0.9.1 I am getting a segfault when loading my rules using
> nft -f $rule_file.
> This also happens when I build from the current master branch.
> Can't post my rules because they are made of multiple include files and I
> currently don't have the time to strip them down to a minimum.
> But I think the following trace might help:
> (gdb) bt
> #0  0x00007ffff7d78162 in __strcmp_avx2 () from /usr/lib/libc.so.6
> #1  0x00007ffff7ef95df in chain_lookup_fuzzy (h=0x555555593090,
> cache=0x55555555baa0, t=0x7fffffffe718) at rule.c:858
> #2  0x00007ffff7f06cc5 in chain_not_found (ctx=0x7fffffffe970) at
> evaluate.c:189
> #3  0x00007ffff7f0f4c9 in rule_cache_update (ctx=0x7fffffffe970,
> op=CMD_INVALID) at evaluate.c:3238
> #4  0x00007ffff7f0f8d3 in rule_evaluate (ctx=0x7fffffffe970,
> rule=0x555555568f60, op=CMD_INVALID) at evaluate.c:3324
> #5  0x00007ffff7f0fc73 in chain_evaluate (ctx=0x7fffffffe970,
> chain=0x555555568c80) at evaluate.c:3405
> #6  0x00007ffff7f0fff0 in table_evaluate (ctx=0x7fffffffe970,
> table=0x555555568a70) at evaluate.c:3464
> #7  0x00007ffff7f10255 in cmd_evaluate_add (ctx=0x7fffffffe970,
> cmd=0x555555593050) at evaluate.c:3496
> #8  0x00007ffff7f1140d in cmd_evaluate (ctx=0x7fffffffe970,
> cmd=0x555555593050) at evaluate.c:3957
> #9  0x00007ffff7f335a2 in nft_evaluate (nft=0x55555555ba20,
> msgs=0x7fffffffeb00, cmds=0x7fffffffeb10) at libnftables.c:396
> #10 0x00007ffff7f339d8 in nft_run_cmd_from_filename (nft=0x55555555ba20,
> filename=0x7fffffffeea2 "/etc/nftables/nftables.conf") at libnftables.c:479
> #11 0x00005555555567a2 in main (argc=3, argv=0x7fffffffec78) at main.c:310
> (gdb) info r rdi
> rdi            0x555555562f40      93824992292672
> (gdb) info r rsi
> rsi            0x0                 0
> Please note that rsi (the second argument to strcmp) is NULL.

In this case this patch should prevent a crash, but I sure would like
to understand why chain.name is NULL in the first place, or what the ruleset
that triggers this looks like.

All nft shell test cases pass at this time.
Can you run with this patch? Does that give any clue where the problem / the
problematic rule (combination) is?

diff --git a/src/rule.c b/src/rule.c
--- a/src/rule.c
+++ b/src/rule.c
@@ -851,6 +851,9 @@ struct chain *chain_lookup_fuzzy(const struct handle *h,
        struct table *table;
        struct chain *chain;

+       if (!h->chain.name)
+               return NULL;

        list_for_each_entry(table, &cache->list, list) {

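Review bot: the `if (!h->chain.name) return NULL;` guard covers only the requested name, but the strcmp() at rule.c:858 has two operands and the backtrace shows only that rsi was NULL; if it is a cached chain's own name that is NULL rather than h->chain.name, this still crashes on the same line. Before relying on the guard, have the reporter select frame 1 and print both strcmp() operands (`p h->chain.name` and the chain-side name) so the check lands on the right side. Also, the early return is silent: the only clue the reporter gets is whatever chain_not_found() reports for a NULL result, so a temporary fprintf(stderr, ...) naming the table being walked in the list_for_each_entry() loop would narrow it to the include file faster.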
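To make the failure mode concrete, here is an added example (not nftables code, and not the author's patch) of the lookup pattern the backtrace shows: an unguarded strcmp()-based chain lookup next to one that tolerates a NULL name on either operand, run over a constructed cache that includes a chain whose name was never set. The struct and field names (h->chain.name, cache->list) mirror the backtrace; everything else, including the prefix-based "fuzzy" rule standing in for nftables' misspelling matcher, is an assumption for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not nftables code. Minimal stand-ins for the objects
 * rule.c's chain_lookup_fuzzy() walks; only h->chain.name and cache->list
 * come from the backtrace, the rest are assumptions. */
struct chain {
	const char *name;       /* NULL models the reporter's crash state */
	struct chain *next;
};

struct table {
	const char *name;
	struct chain *chains;
	struct table *next;
};

struct handle {
	struct { const char *name; } table;
	struct { const char *name; } chain;
};

struct cache {
	struct table *list;
};

/* "Before" shape: strcmp() with a NULL operand is undefined behaviour, and
 * glibc's __strcmp_avx2 faults on the first load (frame #0 of the report).
 * Shown for contrast; never call it with a NULL name on either side. */
struct chain *chain_lookup_unguarded(const struct handle *h,
				     const struct cache *cache)
{
	for (struct table *t = cache->list; t; t = t->next)
		for (struct chain *c = t->chains; c; c = c->next)
			if (!strcmp(c->name, h->chain.name))
				return c;
	return NULL;
}

/* "After" shape: reject a NULL request up front (the patch's check) and
 * skip chains whose own name is NULL, so neither strcmp() operand can be
 * NULL. Exact match wins; otherwise the first chain whose name starts with
 * the requested string is the fuzzy candidate (a simplification). */
struct chain *chain_lookup_guarded(const struct handle *h,
				   const struct cache *cache,
				   struct table **found_table)
{
	struct chain *candidate = NULL;
	size_t len;

	if (!h || !h->chain.name)
		return NULL;
	len = strlen(h->chain.name);

	for (struct table *t = cache->list; t; t = t->next) {
		for (struct chain *c = t->chains; c; c = c->next) {
			if (!c->name)
				continue;
			if (!strcmp(c->name, h->chain.name)) {
				if (found_table)
					*found_table = t;
				return c;
			}
			if (len && !candidate &&
			    !strncmp(c->name, h->chain.name, len)) {
				candidate = c;
				if (found_table)
					*found_table = t;
			}
		}
	}
	return candidate;
}

/* Constructed sample cache: "filter" with input/forward, "nat" with
 * prerouting plus one chain whose name was never set. */
static struct chain nat_unnamed = { NULL, NULL };
static struct chain nat_prerouting = { "prerouting", &nat_unnamed };
static struct table nat = { "nat", &nat_prerouting, NULL };
static struct chain filter_forward = { "forward", NULL };
static struct chain filter_input = { "input", &filter_forward };
static struct table filter = { "filter", &filter_input, &nat };
static struct cache sample_cache = { &filter };

/* Resolve `requested` as chain_not_found() would; returns the chain name
 * found (NULL if none) and, optionally, the name of its table. */
const char *lookup_name(const char *requested, const char **table_name)
{
	struct handle h = { { "filter" }, { requested } };
	struct table *t = NULL;
	struct chain *c = chain_lookup_guarded(&h, &sample_cache, &t);

	if (table_name)
		*table_name = t ? t->name : NULL;
	return c ? c->name : NULL;
}

int main(void)
{
	const char *requests[] = { "input", "pre", "fo", NULL, "zzz" };

	for (size_t i = 0; i < 5; i++) {
		const char *tn = NULL, *cn = lookup_name(requests[i], &tn);
		printf("%-8s -> %s %s\n", requests[i] ? requests[i] : "(NULL)",
		       cn ? tn : "not", cn ? cn : "found");
	}
	return 0;
}
```

The guarded version turns the NULL request into a "not found" result that the caller can report with a location, which is what is needed to find the offending rule; the unguarded version has no such path and faults inside libc before any error can be printed.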