[Bug 1215] New: nft -c "" segfaults
bugzilla-daemon at netfilter.org
Sun Jan 14 17:07:32 CET 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1215
Bug ID: 1215
Summary: nft -c "" segfaults
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: najamelan at autistici.org
I'm trying to use nft -c to verify an autogenerated variable which is a set of
"ipv4 . port".
But the nft -c utility segfaults. It doesn't seem to segfault when the input is
invalid; I see:
> nft -c "\;"
Error: syntax error, unexpected junk
\;
^
but:
> nft -c ";"
fish: “nft -c ";"” terminated by signal SIGSEGV (Address boundary error)
and basically for any other valid input including the empty string.
Journalctl shows:
Stack trace of thread 7337:
#0 0x00007fd0f2abef10 mnl_socket_get_fd (libmnl.so.0)
#1 0x0000557b554d78a3 n/a (nft)
#2 0x0000557b554b68b8 n/a (nft)
#3 0x0000557b554b62c5 n/a (nft)
#4 0x00007fd0f201bf4a __libc_start_main (libc.so.6)
#5 0x0000557b554b654a n/a (nft)
# nft --version
nftables v0.8 (Joe Btfsplk)
# ldd (which nft)
linux-vdso.so.1 (0x00007ffccf0dc000)
libmnl.so.0 => /usr/lib/libmnl.so.0 (0x00007f56823b5000)
libnftnl.so.7 => /usr/lib/libnftnl.so.7 (0x00007f568218b000)
libreadline.so.7 => /usr/lib/libreadline.so.7 (0x00007f5681f3d000)
libgmp.so.10 => /usr/lib/libgmp.so.10 (0x00007f5681caa000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007f56818f3000)
libncursesw.so.6 => /usr/lib/libncursesw.so.6 (0x00007f56816bb000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f5682834000)
libtinfo.so.6 => /usr/lib/libtinfo.so.6 (0x00007f568148f000)
# uname --all
Linux computer 4.14.13-1-ARCH #1 SMP PREEMPT Wed Jan 10 11:14:50 UTC 2018 x86_64 GNU/Linux
I first ran into nft -c segfaulting when trying to test my set of IPs, which is
quite big (about 12000 entries). The core dump was different than for the
little tests shown above. I don't know if it's the same bug, so this is the
core dump:
Stack trace of thread 5796:
#0 0x00007f1d8d726bc0 mnl_nlmsg_batch_is_empty (libmnl.so.0)
#1 0x00007f1d8d5028b1 nftnl_batch_iovec_len (libnftnl.so.7)
#2 0x0000564bd1eb190d n/a (nft)
#3 0x0000564bd1e908b8 n/a (nft)
#4 0x0000564bd1e904e0 n/a (nft)
#5 0x00007f1d8cc82f4a __libc_start_main (libc.so.6)
#6 0x0000564bd1e9054a n/a (nft)