[Bug 1702] iptables fails to parse interface wildcard "-i +" correctly

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Sep 5 15:20:45 CEST 2023 

https://bugzilla.netfilter.org/show_bug.cgi?id=1702

--- Comment #6 from thomas.strangert at emblasoft.com ---
# valgrind --leak-check=full iptables-save
==3054371== Memcheck, a memory error detector
==3054371== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==3054371== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==3054371== Command: iptables-save
==3054371==
==3054371== Syscall param socketcall.sendto(msg) points to uninitialised
byte(s)
==3054371==    at 0x49DABBA: sendto (sendto.c:27)
==3054371==    by 0x11666D: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x123D61: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C3D7: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x1270B7: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C7DE: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3054371==  Address 0x1ffeffc3af is on thread 1's stack
==3054371==
==3054371== Syscall param socketcall.sendto(msg) points to uninitialised
byte(s)
==3054371==    at 0x49DABBA: sendto (sendto.c:27)
==3054371==    by 0x11666D: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x123D61: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C423: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x1270B7: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C7DE: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3054371==  Address 0x1ffeffc3af is on thread 1's stack
==3054371==
# Generated by iptables-save v1.8.7 on Tue Sep  5 15:18:09 2023
*mangle
... ...
:mangle_WAN_DDoS - [0:0]
-A PREROUTING -i wan -j mangle_WAN_DDoS
==3054371== Syscall param socketcall.sendto(msg) points to uninitialised
byte(s)
==3054371==    at 0x49DABBA: sendto (sendto.c:27)
==3054371==    by 0x1139E0: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x48A62C6: xtables_find_match (in
/usr/lib/x86_64-linux-gnu/libxtables.so.12.4.0)
==3054371==    by 0x48A601A: ??? (in
/usr/lib/x86_64-linux-gnu/libxtables.so.12.4.0)
==3054371==    by 0x48A63C6: xtables_find_match (in
/usr/lib/x86_64-linux-gnu/libxtables.so.12.4.0)
==3054371==    by 0x114944: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C02B: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C124: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C423: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C527: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C95B: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3054371==  Address 0x1ffeffbe02 is on thread 1's stack
==3054371==
... ...
:Cid82520X12088.0 - [0:0]
==3054371== Syscall param socketcall.sendto(msg) points to uninitialised
byte(s)
==3054371==    at 0x49DABBA: sendto (sendto.c:27)
==3054371==    by 0x1139E0: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x48A5C95: xtables_find_target (in
/usr/lib/x86_64-linux-gnu/libxtables.so.12.4.0)
==3054371==    by 0x48A5FF1: ??? (in
/usr/lib/x86_64-linux-gnu/libxtables.so.12.4.0)
==3054371==    by 0x48A5D20: xtables_find_target (in
/usr/lib/x86_64-linux-gnu/libxtables.so.12.4.0)
==3054371==    by 0x114A1D: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C02B: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C124: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C3D7: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C527: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x11C95B: ??? (in /usr/sbin/xtables-nft-multi)
==3054371==    by 0x48DCD8F: (below main) (libc_start_call_main.h:58)
==3054371==  Address 0x1ffeffbdfd is on thread 1's stack
==3054371==
... ...
# Completed on Tue Sep  5 15:18:09 2023
==3054371==
==3054371== HEAP SUMMARY:
==3054371==     in use at exit: 0 bytes in 0 blocks
==3054371==   total heap usage: 10,741 allocs, 10,741 frees, 1,328,016 bytes
allocated
==3054371==
==3054371== All heap blocks were freed -- no leaks are possible
==3054371==
==3054371== Use --track-origins=yes to see where uninitialised values come from
==3054371== For lists of detected and suppressed errors, rerun with: -s
==3054371== ERROR SUMMARY: 60 errors from 4 contexts (suppressed: 0 from 0)

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230905/fa1d8ea3/attachment-0001.html>

More information about the netfilter-buglog mailing list