[Bug 1485] New: Buggy parsing of malformed rule within implicit chain causes assertion and core dump

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Dec 1 20:30:08 CET 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1485

            Bug ID: 1485
           Summary: Buggy parsing of malformed rule within implicit chain
                    causes assertion and core dump
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

For example:-

# nft add table ip t
# nft add chain ip t c
# nft add rule ip t c tcp dport 80 jump { ip saddr 127.0.0.1 daddr 127.0.0.1 }
nft: parser_bison.y:75: close_scope: Assertion `state->scope > 0' failed.
Aborted (core dumped)

Eschewing the use of the implicit chain results in a proper error message:-

# nft add rule ip t c tcp dport 80 ip saddr 127.0.0.1 daddr 127.0.0.1
Error: syntax error, unexpected daddr, expecting end of file or newline or
semicolon
add rule ip t c tcp dport 80 ip saddr 127.0.0.1 daddr 127.0.0.1

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20201201/82a51287/attachment.html>


More information about the netfilter-buglog mailing list