[pkg-netfilter-team] Bug#929527: Bug#929527: /usr/sbin/xtables-nft-multi: restoring IP Tables with a self-defined chain segfaults in libnftnl.so

Arturo Borrero Gonzalez arturo at debian.org
Mon May 27 11:29:20 BST 2019


On 5/25/19 6:49 PM, Thomas Lamprecht wrote:
> Package: iptables
> Version: 1.8.2-4
> Severity: grave
> File: /usr/sbin/xtables-nft-multi
> Justification: renders package unusable by segfaulting on usage
> 
> Reproducer:
> # cat simple-segv-table
> *filter
> :NEW-OUTPUT - [0:0]
> -A OUTPUT -j NEW-OUTPUT
> -F NEW-OUTPUT
> -A NEW-OUTPUT -j ACCEPT
> COMMIT
> 
> # iptables ./simple-segv-table
> Segmentation fault
> 
> # dmesg | tail -1
> [12860.813350] traps: iptables-restor[19173] general protection ip:7f4894682793 sp:7ffcedc177d0 error:0 in libnftnl.so.11.0.0[7f4894677000+17000]
> 
> # addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0  -fCi $(printf "%x" $[0x7f2cb9882793 - 0x7f2cb9877000])
> nftnl_batch_is_supported
> ??:?
> 

I can reproduce this.

I'm already looking for a fix.
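The report turns the kernel's `traps:` line into an addr2line offset by hand. The helper below does that step mechanically, as an added example that is not part of the bug report or of the iptables package; the sample line is constructed from the dmesg output quoted above, and the library directory used for the addr2line command is an assumption.

```python
import re

# Constructed sample, taken in shape from the dmesg line quoted in the report.
SAMPLE_TRAP_LINE = (
    "[12860.813350] traps: iptables-restor[19173] general protection "
    "ip:7f4894682793 sp:7ffcedc177d0 error:0 in "
    "libnftnl.so.11.0.0[7f4894677000+17000]"
)

# Kernel report shape: comm[pid] <fault> ip:<hex> sp:<hex> error:<n> in <obj>[<base>+<size>]
TRAP_RE = re.compile(
    r"traps: (?P<comm>\S+)\[(?P<pid>\d+)\] (?P<kind>.+?) "
    r"ip:(?P<ip>[0-9a-f]+) sp:(?P<sp>[0-9a-f]+) error:(?P<err>\d+) "
    r"in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def parse_trap(line):
    """Return the faulting object and the offset of ip inside it, or None.

    ip is a runtime address and [base+size] the object's mapping, so ip - base
    is the file-relative offset that addr2line -e <object> expects.
    """
    m = TRAP_RE.search(line)
    if not m:
        return None
    ip, base, size = (int(m.group(k), 16) for k in ("ip", "base", "size"))
    offset = ip - base
    return {
        "comm": m.group("comm"),
        "pid": int(m.group("pid")),
        "object": m.group("obj"),
        "offset": offset,
        # An ip outside the reported mapping means the fault did not land in
        # this object's text (e.g. a jump through a bad pointer); flag it.
        "in_mapping": 0 <= offset < size,
    }


def addr2line_command(line, libdir="/usr/lib/x86_64-linux-gnu"):
    """Build the addr2line invocation for a trap line (libdir is an assumption)."""
    info = parse_trap(line)
    if info is None or not info["in_mapping"]:
        return None
    return "addr2line -e %s/%s -fCi 0x%x" % (libdir, info["object"], info["offset"])


if __name__ == "__main__":
    print(parse_trap(SAMPLE_TRAP_LINE))
    print(addr2line_command(SAMPLE_TRAP_LINE))
```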


