[Bug 1702] iptables fails to parse interface wildcard "-i +" correctly

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Sep 5 14:52:01 CEST 2023 

https://bugzilla.netfilter.org/show_bug.cgi?id=1702

--- Comment #3 from thomas.strangert at emblasoft.com ---
# valgrind --leak-check=full iptables -A INPUT -i + -d 192.168.8.13 -j DROP
==3046844== Memcheck, a memory error detector
==3046844== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3046844== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==3046844== Command: iptables -A INPUT -i + -d 192.168.8.13 -j DROP
==3046844==
==3046844== Syscall param socketcall.sendto(msg) points to uninitialised
byte(s)
==3046844==    at 0x49DABBA: sendto (sendto.c:27)
==3046844==    by 0x11666D: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x123A5D: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x12705B: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11CF12: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11D73C: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11D9E0: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11DA2F: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3046844==  Address 0x1ffeffc30f is on thread 1's stack
==3046844==
==3046844== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised
byte(s)
==3046844==    at 0x49DAB17: sendmsg (sendmsg.c:28)
==3046844==    by 0x11A4DC: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11D9E0: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11DA2F: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3046844==  Address 0x4aebccb is 59 bytes inside a block of size 200,703
alloc'd
==3046844==    at 0x4848899: malloc (in
/usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==3046844==    by 0x4877A45: ??? (in
/usr/lib/x86_64-linux-gnu/libnftnl.so.11.6.0)
==3046844==    by 0x48791AC: nftnl_batch_alloc (in
/usr/lib/x86_64-linux-gnu/libnftnl.so.11.6.0)
==3046844==    by 0x11A1A7: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11D9E0: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x11DA2F: ??? (in /usr/sbin/xtables-nft-multi)
==3046844==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3046844==
==3046844==
==3046844== HEAP SUMMARY:
==3046844==     in use at exit: 0 bytes in 0 blocks
==3046844==   total heap usage: 77 allocs, 77 frees, 247,730 bytes allocated
==3046844==
==3046844== All heap blocks were freed -- no leaks are possible
==3046844==
==3046844== Use --track-origins=yes to see where uninitialised values come from
==3046844== For lists of detected and suppressed errors, rerun with: -s
==3046844== ERROR SUMMARY: 4 errors from 2 contexts (suppressed: 0 from 0)

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230905/a5e0e188/attachment.html>

More information about the netfilter-buglog mailing list