[Bug 1351] Segfault in v0.9.1

bugzilla-daemon at netfilter.org
Sun Jul 21 01:22:58 CEST 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1351

--- Comment #4 from Florian Westphal <fw at strlen.de> ---
(In reply to 4bzilla from comment #3)
> Hi, had no time for debugging yet but you should be able to reproduce using
> the following:
> 
> Release: 0.9.1
> Build with: CFLAGS="-g -O0" CPPFLAGS="-g -O0" ./configure --prefix=/usr
> --sbindir=/usr/bin --sysconfdir=/usr/share --with-json --with-python-bin=''
> 
> #############
> nftables.conf:
> #############
> #!/usr/sbin/nft -f
> flush ruleset
> 
> table inet filter {
> }
> table inet filter {
>   	chain test {
> 		counter
> 	}
> }
> #############
> # EOF
> #############
> 
> stack trace:
> (gdb) bt
> #0  0x00007ffff7f56ac9 in erec_print (octx=0x55555555ba40,
> erec=0x55555555c740, debug_mask=0) at erec.c:95
> #1  0x00007ffff7f57215 in erec_print_list (octx=0x55555555ba40,
> list=0x7fffffffe2e0, debug_mask=0) at erec.c:190
> #2  0x00007ffff7f5ea39 in nft_run_cmd_from_filename (nft=0x55555555ba20,
> filename=0x7fffffffe810 "nftables.conf") at libnftables.c:491
> #3  0x00005555555567a2 in main (argc=3, argv=0x7fffffffe458) at main.c:310
> 
> Please let me know if you could reproduce. If not I will try to dig into
> this further.
> Thanks

Reproducible, thanks.

This is caused by

commit e5382c0d08e3c6d8246afa95b7380f0d6b8c1826
src: Support intra-transaction rule references

> table inet filter {
> }
> table inet filter {
>   	chain test {
> 		counter
> 	}
> }

Before this commit, the above results in an add table,
and another 'add table' in the same transaction (which is harmless).

After this change, we attempt to look up chain 'test' in table 'inet filter',
but the lookup fails because table evaluation places the first definition into
the cache, not the second.
The crash is a followup error during error record creation (we call
chain_not_found(), and the location doesn't even exist).

Changing it to be the table correctly lists the location of the first table
definition, which is a bit confusing.

Not sure yet how to fix this, attempting to merge identical table definitions
seems error prone.

(The crash is easily fixable, but then nft -f returns a 'chain not found'
error).
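
A way to find rulesets with the pattern described in this report before loading them with an affected nft release: an added example, not part of the original message and not nftables code. The regexes and function names are hypothetical, and it assumes a single file using the brace syntax shown above (no `include` handling, no `add table` command form).

```python
import re
from collections import defaultdict

# Top-level "table [family] name {" header; nft uses family "ip" when it is omitted.
TABLE_RE = re.compile(r"^\s*table\s+(?:(ip|ip6|inet|arp|bridge|netdev)\s+)?(\S+)\s*\{")
CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{")

def find_table_blocks(text):
    """Return {(family, name): [(line_no, [chain names]), ...]} for top-level tables."""
    blocks = defaultdict(list)
    depth, current = 0, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop comments and the shebang line
        if depth == 0:
            m = TABLE_RE.match(line)
            if m:
                current = (no, [])
                blocks[(m.group(1) or "ip", m.group(2))].append(current)
        elif depth == 1 and current is not None:
            m = CHAIN_RE.match(line)
            if m:
                current[1].append(m.group(1))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            current = None
    return blocks

def risky_redefinitions(text):
    """Heuristic: tables declared more than once where a later block declares chains."""
    findings = []
    for (family, name), defs in find_table_blocks(text).items():
        first_line = defs[0][0]
        for line_no, chains in defs[1:]:
            if chains:
                findings.append((family, name, first_line, line_no, chains))
    return findings

# Constructed sample: the ruleset quoted in the report.
SAMPLE = ("#!/usr/sbin/nft -f\nflush ruleset\n\n"
          "table inet filter {\n}\n"
          "table inet filter {\n\tchain test {\n\t\tcounter\n\t}\n}\n")

if __name__ == "__main__":
    for fam, name, first, later, chains in risky_redefinitions(SAMPLE):
        print(f"table {fam} {name}: first defined at line {first}, "
              f"redefined at line {later} with chains {chains}")
```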
