[Bug 967] New: segfault when adding large sets
bugzilla-daemon at netfilter.org
Thu Jul 17 21:03:55 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=967
Summary: segfault when adding large sets
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: bugzilla-netfilter at malc.org.uk
Estimated Hours: 0.0
Created attachment 449
--> https://bugzilla.netfilter.org/attachment.cgi?id=449
Test case
If I attempt to load a table containing a large set (in my case, a set of 203
or more ether_addrs), nft segfaults (in some cases with what looks to me like a
corrupt stack). I'm running git head nftables, libnftnl, libmnl on kernel
3.15.5.
# Loading a simple table containing just a 203-element set (nft -f test.nft;
input attached):
Program received signal SIGSEGV, Segmentation fault.
nft_set_free (s=0x3f21fcb415fc) at set.c:48
48 if (s->table != NULL)
(gdb) bt
#0 nft_set_free (s=0x3f21fcb415fc) at set.c:48
#1 0x000000000041245f in netlink_add_setelems_compat (expr=0x6499e0,
h=<optimized out>, ctx=0x7fffffffe3a0) at src/netlink.c:1279
#2 netlink_add_setelems (ctx=ctx@entry=0x7fffffffe3a0, h=h@entry=0x649860,
expr=0x6499e0) at src/netlink.c:1295
#3 0x0000000000406e8a in do_add_setelems (expr=<optimized out>, h=0x649860,
ctx=0x7fffffffe3a0) at src/rule.c:577
#4 do_add_set (ctx=ctx@entry=0x7fffffffe3a0, h=h@entry=0x649860,
set=set@entry=0x649850) at src/rule.c:591
#5 0x00000000004070d1 in do_add_table (excl=<optimized out>, table=0x649770,
loc=<optimized out>, h=<optimized out>, ctx=0x7fffffffe3a0)
at src/rule.c:609
#6 do_command_add (ctx=ctx@entry=0x7fffffffe3a0, cmd=cmd@entry=0x6518a0,
excl=excl@entry=false) at src/rule.c:625
#7 0x0000000000407eea in do_command (ctx=ctx@entry=0x7fffffffe3a0,
cmd=cmd@entry=0x6518a0) at src/rule.c:914
#8 0x0000000000406426 in nft_netlink (msgs=0x7fffffffe430,
state=0x7fffffffe440) at src/main.c:183
#9 nft_run (scanner=scanner@entry=0x645390, state=state@entry=0x7fffffffe440,
msgs=msgs@entry=0x7fffffffe430) at src/main.c:227
#10 0x0000000000405fca in main (argc=3, argv=<optimized out>) at src/main.c:340
# Loading a larger ruleset containing two ~1700-element sets:
Program received signal SIGSEGV, Segmentation fault.
mnl_attr_nest_start (nlh=nlh@entry=0x7fffffffd150, type=type@entry=1) at attr.c:535
535 start->nla_type = NLA_F_NESTED | type;
(gdb) bt
#0 mnl_attr_nest_start (nlh=nlh@entry=0x7fffffffd150, type=type@entry=1) at attr.c:535
#1 0x00007ffff7712f6d in nft_set_elem_nlmsg_build_payload
(nlh=nlh@entry=0x7fffffffd150, e=e@entry=0x6e50c0) at set_elem.c:175
#2 0x00007ffff7713046 in nft_set_elems_nlmsg_build_payload
(nlh=nlh@entry=0x7fffffffd150, s=s@entry=0x6deef0) at set_elem.c:218
#3 0x00000000004194ee in mnl_nft_setelem_add (nf_sock=0x645340, nls=0x6deef0,
flags=<optimized out>) at src/mnl.c:821
#4 0x0001000a80010010 in ?? ()
#5 0x00009472cc431100 in ?? ()
#6 0x8001001080ce0014 in ?? ()
#7 0x736b11000001000a in ?? ()
(...)
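As an added example, not part of this bug report and not the reporter's attached test.nft: a small POSIX shell script that generates an nft ruleset containing one ether_addr set with N elements, so that a given nft build can be regression-checked against the reporter's threshold of 203 elements without the attachment. It assumes the nft script syntax for sets (`type ether_addr`, `elements = { ... }`), uses constructed locally-administered MAC addresses (02:00:00:00:hh:ll), and assumes the nft build under test supports `-c`/`--check` for a dry-run parse so nothing is loaded into the kernel; the table name, set name and temp-file handling are arbitrary choices.

```shell
#!/bin/sh
# Added example (not from the bug report): build an nft ruleset with a
# large ether_addr set and dry-run it through nft to check for the crash
# described above. All names and addresses below are constructed.

# gen_ruleset N : print a ruleset with an N-element ether_addr set on stdout
gen_ruleset() {
    n="$1"
    printf 'table bridge filter {\n'
    printf '\tset macs {\n'
    printf '\t\ttype ether_addr;\n'
    printf '\t\telements = { '
    i=0
    while [ "$i" -lt "$n" ]; do
        # constructed, locally administered MACs: 02:00:00:00:hh:ll
        hi=$(( i / 256 ))
        lo=$(( i % 256 ))
        [ "$i" -gt 0 ] && printf ', '
        printf '02:00:00:00:%02x:%02x' "$hi" "$lo"
        i=$(( i + 1 ))
    done
    printf ' }\n'
    printf '\t}\n'
    printf '}\n'
}

# count_elements : read a generated ruleset on stdin and print how many
# set elements it contains (each element is the only token with colons)
count_elements() {
    tr ',' '\n' | grep -c ':'
}

# check_nft N : returns nft's exit status for a dry-run parse of an
# N-element ruleset; a segfault shows up as a non-zero status (139 under
# most shells). Assumes an nft build that supports -c/--check.
check_nft() {
    f=$(mktemp) || return 1
    gen_ruleset "$1" > "$f"
    if nft -c -f "$f"; then
        rc=0
    else
        rc=$?
    fi
    rm -f "$f"
    return "$rc"
}

# Usage: try the reporter's threshold and one size on each side of it.
# for n in 202 203 1700; do check_nft "$n"; echo "n=$n rc=$?"; done
```

Running the usage loop on an affected build should show a clean exit for 202 elements and a non-zero status for 203 and above; on a fixed build all three return 0.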