[pkg-netfilter-team] Bug#946996: wireguard-tools: 'wg-quick down' segfaults
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Jan 22 21:47:17 GMT 2020
Control: tags 946996 + moreinfo
On Tue 2020-01-21 22:18:45 -0500, Celejar wrote:
> Sorry, I'm still getting it:
>
> ~# apt-cache policy wireguard-tools
> wireguard-tools:
> Installed: 1.0.20200102-1
> Candidate: 1.0.20200102-1
> Version table:
> *** 1.0.20200102-1 500
> 500 http://deb.debian.org/debian sid/main amd64 Packages
> 100 /var/lib/dpkg/status
>
> ~# ifdown wg0
> [#] ip -4 rule delete table 51820
> [#] ip -4 rule delete table main suppress_prefixlength 0
> [#] ip link delete dev wg0
> [#] resolvconf -d tun.wg0 -f
> [#] iptables-restore -n
> /usr/bin/wg-quick: line 29: 186243 Segmentation fault "$@"
Interesting. Can you modify wg-quick locally to expose what is being
piped into iptables-restore -n in this instance?
For example, a change like this:
----------------
--- wg-quick.orig 2020-01-22 16:05:42.456100207 -0500
+++ wg-quick 2020-01-22 16:45:35.936536027 -0500
@@ -198,6 +198,7 @@
[[ $line == "-A"* ]] && found=1
printf -v restore '%s%s\n' "$restore" "${line/#-A/-D}"
done < <($iptables-save 2>/dev/null)
+ [[ $found -ne 1 ]] || echo -n "RESTORING: $restore" >&2
[[ $found -ne 1 ]] || echo -n "$restore" | cmd $iptables-restore -n
done
fi
----------------
Then report back what is printed there, and see whether feeding it into
"iptables-restore -n" on its own is sufficient to cause a segfault.
thanks for taking the time to report and debug!
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-netfilter-team/attachments/20200122/3c95eaf8/attachment.sig>
More information about the pkg-netfilter-team
mailing list