[Bug 948] New: tcp doff option crashes nft
bugzilla-daemon at netfilter.org
Wed May 28 20:16:05 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=948
Summary: tcp doff option crashes nft
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
There is a problem when we use the doff parameter:
* We add the following rule, and it shows this error:
$ sudo nft add rule ip test input tcp doff 33
==14515== Invalid read of size 4
==14515== at 0x40D9E0: payload_expr_alloc (payload.c:111)
==14515== by 0x41CB63: nft_parse (parser.y:1967)
==14515== by 0x405BCF: nft_run (main.c:223)
==14515== by 0x405854: main (main.c:334)
==14515== Address 0x4 is not stack'd, malloc'd or (recently) free'd
==14515==
==14515==
==14515== Process terminating with default action of signal 11 (SIGSEGV)
==14515== Access not within mapped region at address 0x4
==14515== at 0x40D9E0: payload_expr_alloc (payload.c:111)
==14515== by 0x41CB63: nft_parse (parser.y:1967)
==14515== by 0x405BCF: nft_run (main.c:223)
==14515== by 0x405854: main (main.c:334)
==14515== If you believe this happened as a result of a stack
==14515== overflow in your program's main thread (unlikely but
==14515== possible), you can try to increase the size of the
==14515== main thread stack using the --main-stacksize= flag.
==14515== The main thread stack size used in this run was 8388608.
* Then, we list the table, and it doesn't list this rule:
$ sudo nft list table ip test
table ip test {
	chain input {
	}
}