[Bug 868] New: Null pointer segfault in netlink code

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Oct 24 20:42:58 CEST 2013


https://bugzilla.netfilter.org/show_bug.cgi?id=868

           Summary: Null pointer segfault in netlink code
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: john at sager.me.uk
   Estimated Hours: 0.0


In returning set information, the kernel omits the FLAGS attribute if it is
zero (nf_tables_fill_set() in nf_tables_api.c). Consequently, calls to
nft_set_attr_get_u32() in netlink.c fail because that routine (in libnftables)
dereferences a null pointer returned by nft_set_attr_get(). I fixed it in nft
by calling nft_set_attr_is_set() to test for the attribute's existence. It
could also be fixed in the kernel by unconditionally sending the FLAGS
attribute even if it is zero. Also it might be worth putting some more error
checking for missing attributes (do any others get conditionally left out?)

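The sequence the report describes, as an added, self-contained C model that is not libnftables or kernel code: a kernel-side encoder that skips FLAGS when it is zero (as the report says nf_tables_fill_set() does), a netlink-style TLV parser, a getter that returns NULL for an absent attribute, the unchecked u32 getter that would dereference that NULL, the presence-checked form of the fix, and a required-attribute mask for the "do any others get left out?" question. Attribute ids, the TLV layout, struct names and REQUIRED_ATTRS are assumptions for illustration, not the real NFTA_SET_* values or the libnftables API.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical attribute ids standing in for NFTA_SET_*; not the real numbering. */
enum { SET_ATTR_TABLE = 1, SET_ATTR_NAME, SET_ATTR_FLAGS, SET_ATTR_KEY_TYPE, SET_ATTR_KEY_LEN, SET_ATTR_MAX };
#define ATTR_BIT(a) (1u << (a))
#define ALIGN4(x)   (((x) + 3u) & ~3u)
/* Assumed set of attributes nft needs; FLAGS is deliberately included so its absence is caught. */
#define REQUIRED_ATTRS (ATTR_BIT(SET_ATTR_TABLE) | ATTR_BIT(SET_ATTR_NAME) | ATTR_BIT(SET_ATTR_FLAGS) | \
                        ATTR_BIT(SET_ATTR_KEY_TYPE) | ATTR_BIT(SET_ATTR_KEY_LEN))

struct tlv_hdr { uint16_t len; uint16_t type; };   /* netlink-style: len includes the header */

struct set_msg {
    uint32_t present;                 /* bitmask of attributes actually seen on the wire */
    char     table[32], name[32];
    uint32_t flags, key_type, key_len;
};

static size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *data, uint16_t dlen)
{
    struct tlv_hdr h = { (uint16_t)(sizeof h + dlen), type };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, data, dlen);
    return off + ALIGN4(sizeof h + dlen);
}

/* Encodes a reply the way the report says the kernel does: FLAGS is omitted when it is zero. */
static size_t fill_set(uint8_t *buf, const char *table, const char *name,
                       uint32_t flags, uint32_t key_type, uint32_t key_len)
{
    size_t off = 0;
    off = put_attr(buf, off, SET_ATTR_TABLE, table, (uint16_t)(strlen(table) + 1));
    off = put_attr(buf, off, SET_ATTR_NAME, name, (uint16_t)(strlen(name) + 1));
    if (flags)
        off = put_attr(buf, off, SET_ATTR_FLAGS, &flags, sizeof flags);
    off = put_attr(buf, off, SET_ATTR_KEY_TYPE, &key_type, sizeof key_type);
    off = put_attr(buf, off, SET_ATTR_KEY_LEN, &key_len, sizeof key_len);
    return off;
}

/* Walks the TLVs into *s; returns the number of attributes parsed, or -1 on a malformed one. */
static int parse_set(const uint8_t *buf, size_t len, struct set_msg *s)
{
    size_t off = 0;
    int n = 0;
    memset(s, 0, sizeof *s);
    while (off + sizeof(struct tlv_hdr) <= len) {
        struct tlv_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || off + h.len > len)
            return -1;
        const uint8_t *p = buf + off + sizeof h;
        uint16_t dlen = (uint16_t)(h.len - sizeof h);
        switch (h.type) {
        case SET_ATTR_TABLE:    if (dlen > sizeof s->table) return -1; memcpy(s->table, p, dlen); break;
        case SET_ATTR_NAME:     if (dlen > sizeof s->name)  return -1; memcpy(s->name, p, dlen);  break;
        case SET_ATTR_FLAGS:    if (dlen != 4) return -1; memcpy(&s->flags, p, 4);    break;
        case SET_ATTR_KEY_TYPE: if (dlen != 4) return -1; memcpy(&s->key_type, p, 4); break;
        case SET_ATTR_KEY_LEN:  if (dlen != 4) return -1; memcpy(&s->key_len, p, 4);  break;
        default: break;   /* unknown attribute: skipped, but still counted as parsed */
        }
        if (h.type < SET_ATTR_MAX)
            s->present |= ATTR_BIT(h.type);
        n++;
        off += ALIGN4(h.len);
    }
    return n;
}

/* Plays the role of nft_set_attr_get(): NULL when the attribute was not on the wire. */
static const void *set_attr_get(const struct set_msg *s, int attr)
{
    if (attr <= 0 || attr >= SET_ATTR_MAX || !(s->present & ATTR_BIT(attr)))
        return NULL;
    switch (attr) {
    case SET_ATTR_TABLE:    return s->table;
    case SET_ATTR_NAME:     return s->name;
    case SET_ATTR_FLAGS:    return &s->flags;
    case SET_ATTR_KEY_TYPE: return &s->key_type;
    default:                return &s->key_len;
    }
}

/* Plays the role of nft_set_attr_is_set(). */
static bool set_attr_is_set(const struct set_msg *s, int attr) { return set_attr_get(s, attr) != NULL; }

/* The shape the report describes for the u32 getter: the pointer is dereferenced unconditionally,
 * which is a NULL dereference whenever FLAGS was omitted. Only safe once presence is known. */
static uint32_t set_attr_get_u32_unchecked(const struct set_msg *s, int attr)
{
    return *(const uint32_t *)set_attr_get(s, attr);
}

/* The fix as the report applied it in nft: test presence first, report absence to the caller. */
static bool set_attr_get_u32(const struct set_msg *s, int attr, uint32_t *out)
{
    if (!set_attr_is_set(s, attr))
        return false;
    *out = *(const uint32_t *)set_attr_get(s, attr);
    return true;
}

/* Generic missing-attribute check: bitmask of required attributes the kernel did not send. */
static uint32_t set_missing_attrs(const struct set_msg *s, uint32_t required) { return required & ~s->present; }

/* Constructed round trip: encode with the given flags value, then parse. */
static int build_and_parse(uint32_t kernel_flags, struct set_msg *s)
{
    uint8_t buf[256];
    size_t len = fill_set(buf, "filter", "blackhole", kernel_flags, 7, 4);
    return parse_set(buf, len, s);
}

/* Returns the FLAGS value, -1 if the attribute was absent, -2 on a parse error. */
static long probe_flags(uint32_t kernel_flags)
{
    struct set_msg s;
    uint32_t v;
    if (build_and_parse(kernel_flags, &s) < 0)
        return -2;
    return set_attr_get_u32(&s, SET_ATTR_FLAGS, &v) ? (long)v : -1;
}

static uint32_t missing_after_fill(uint32_t kernel_flags)
{
    struct set_msg s;
    build_and_parse(kernel_flags, &s);
    return set_missing_attrs(&s, REQUIRED_ATTRS);
}

/* Exercises the unchecked getter only where flags != 0 guarantees the attribute is present. */
static uint32_t unchecked_read_present_flags(void)
{
    struct set_msg s;
    build_and_parse(5, &s);
    return set_attr_get_u32_unchecked(&s, SET_ATTR_FLAGS);
}

int main(void)
{
    printf("flags=0: checked getter -> %ld, missing mask 0x%x\n", probe_flags(0), missing_after_fill(0));
    printf("flags=5: checked getter -> %ld, missing mask 0x%x, unchecked -> %u\n",
           probe_flags(5), missing_after_fill(5), unchecked_read_present_flags());
    return 0;
}
```

With flags=0 the checked getter reports the attribute as absent and the missing mask shows exactly the FLAGS bit; calling the unchecked getter in that state would be the segfault in the report, which is why the model never does so. The missing mask is the kind of up-front check the report suggests: compute it once after parsing and reject or default the message before any per-attribute getter runs.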