[pkg-netfilter-team] Bug#968457: iptables: segfault with specific command when run as non-root

Bernhard Übelacker bernhardu at mailbox.org
Sun Aug 16 13:48:12 BST 2020


Dear Maintainer,
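the following is a backtrace taken where the crash happens; it shows
nftnl_rule_list_add() being called with list=0x0, i.e. a NULL pointer dereference.
This seems to affect only stable.
On testing, a permission denied warning is shown instead of a crash.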

By default, it seems iptables is not in the PATH;
nevertheless, it crashes when executed via its full path.

Kind regards,
Bernhard


Program received signal SIGSEGV, Segmentation fault.
nftnl_rule_list_add (r=r@entry=0x5555555f5900, list=0x0) at rule.c:782
782             list_add(&r->head, &list->list);
(gdb) bt
#0  nftnl_rule_list_add (r=r@entry=0x5555555f5900, list=0x0) at rule.c:782
#1  0x0000555555567eac in nft_rule_insert (h=h@entry=0x7fffffffe480, chain=chain@entry=0x7fffffffe848 "OUTPUT", table=table@entry=0x55555557b126 "filter", data=data@entry=0x7fffffffe300, rulenum=rulenum@entry=0, verbose=verbose@entry=false) at nft.c:2146
#2  0x0000555555562629 in add_entry (chain=0x7fffffffe848 "OUTPUT", table=0x55555557b126 "filter", cs=cs@entry=0x7fffffffe300, rulenum=0, family=2, s=..., d=..., verbose=false, h=0x7fffffffe480, append=false) at xtables.c:412
#3  0x0000555555564270 in do_commandx (h=h@entry=0x7fffffffe480, argc=argc@entry=3, argv=argv@entry=0x7fffffffe608, table=table@entry=0x7fffffffe478, restore=restore@entry=false) at xtables.c:1122
#4  0x0000555555562350 in xtables_main (family=family@entry=2, progname=progname@entry=0x55555557a011 "iptables", argc=3, argv=0x7fffffffe608) at xtables-standalone.c:72
#5  0x000055555556248a in xtables_ip4_main (argc=<optimized out>, argv=<optimized out>) at xtables-standalone.c:96
#6  0x00007ffff763809b in __libc_start_main (main=0x55555555cfb0 <main>, argc=3, argv=0x7fffffffe608, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5f8) at ../csu/libc-start.c:308
#7  0x000055555555cfea in _start ()
-------------- next part --------------

# Buster/stable amd64 qemu VM 2020-08-16

apt update
apt dist-upgrade


apt install systemd-coredump mc gdb iptables-dbgsym libnftnl11-dbgsym
apt build-dep iptables


mkdir /home/benutzer/source/iptables/orig -p
cd    /home/benutzer/source/iptables/orig
apt source iptables
cd

mkdir /home/benutzer/source/libnftnl11/orig -p
cd    /home/benutzer/source/libnftnl11/orig
apt source libnftnl11
cd



gdb -q --args /usr/sbin/iptables -I OUTPUT

directory /home/benutzer/source/libnftnl11/orig/libnftnl-1.1.2/src
directory /home/benutzer/source/iptables/orig/iptables-1.8.2/iptables
set width 0
set pagination off
run


##########




benutzer@debian:~$ /usr/sbin/iptables -I OUTPUT
Speicherzugriffsfehler (Speicherabzug geschrieben)


dmesg:
[So Aug 16 13:58:00 2020] iptables[1170]: segfault at 0 ip 00007f27c75541f0 sp 00007ffc0c5bd208 error 4 in libnftnl.so.11.0.0[7f27c754d000+17000]
[So Aug 16 13:58:00 2020] Code: 83 c4 08 48 89 ef 5b 5d e9 6d 8e ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 31 c0 48 39 3f 0f 94 c0 c3 0f 1f 80 00 00 00 00 <48> 8b 06 48 89 78 08 48 89 07 48 89 77 08 48 89 3e c3 66 66 2e 0f


root@debian:~# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Sun 2020-08-16 13:58:01 CEST   1170  1000  1000  11 present   /usr/sbin/xtables-nft-multi


root@debian:~# coredumpctl gdb 1170
           PID: 1170 (iptables)
           UID: 1000 (benutzer)
           GID: 1000 (benutzer)
        Signal: 11 (SEGV)
     Timestamp: Sun 2020-08-16 13:58:01 CEST (54s ago)
  Command Line: /usr/sbin/iptables -I OUTPUT
    Executable: /usr/sbin/xtables-nft-multi
 Control Group: /user.slice/user-1000.slice/session-3.scope
          Unit: session-3.scope
         Slice: user-1000.slice
       Session: 3
     Owner UID: 1000 (benutzer)
       Boot ID: 90c355c183dc4e728cac96d0d7b28324
    Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
      Hostname: debian
       Storage: /var/lib/systemd/coredump/core.iptables.1000.90c355c183dc4e728cac96d0d7b28324.1170.1597579081000000.lz4
       Message: Process 1170 (iptables) of user 1000 dumped core.
                
                Stack trace of thread 1170:
                #0  0x00007f27c75541f0 nftnl_rule_list_add (libnftnl.so.11)
                #1  0x0000556112a23eac n/a (xtables-nft-multi)
                #2  0x0000556112a1e629 n/a (xtables-nft-multi)
                #3  0x0000556112a20270 n/a (xtables-nft-multi)
                #4  0x0000556112a1e350 n/a (xtables-nft-multi)
                #5  0x0000556112a1e48a n/a (xtables-nft-multi)
                #6  0x00007f27c6de909b __libc_start_main (libc.so.6)
                #7  0x0000556112a18fea n/a (xtables-nft-multi)

GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/xtables-nft-multi...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New LWP 1170]
Core was generated by `/usr/sbin/iptables -I OUTPUT'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f27c75541f0 in nftnl_rule_list_add () from /lib/x86_64-linux-gnu/libnftnl.so.11




benutzer@debian:~$ gdb -q --args /usr/sbin/iptables -I OUTPUT
Reading symbols from /usr/sbin/iptables...Reading symbols from /usr/lib/debug/.build-id/9f/df12bff550f04deaa338f8f4c1986e19e1d5e2.debug...done.
done.
(gdb) directory /home/benutzer/source/libnftnl11/orig/libnftnl-1.1.2/src
Source directories searched: /home/benutzer/source/libnftnl11/orig/libnftnl-1.1.2/src:$cdir:$cwd
(gdb) set width 0
(gdb) set pagination off
(gdb) run
Starting program: /usr/sbin/iptables -I OUTPUT

Program received signal SIGSEGV, Segmentation fault.
nftnl_rule_list_add (r=r@entry=0x5555555f5900, list=0x0) at rule.c:782
782             list_add(&r->head, &list->list);
(gdb) bt
#0  nftnl_rule_list_add (r=r@entry=0x5555555f5900, list=0x0) at rule.c:782
#1  0x0000555555567eac in nft_rule_insert (h=h@entry=0x7fffffffe480, chain=chain@entry=0x7fffffffe848 "OUTPUT", table=table@entry=0x55555557b126 "filter", data=data@entry=0x7fffffffe300, rulenum=rulenum@entry=0, verbose=verbose@entry=false) at nft.c:2146
#2  0x0000555555562629 in add_entry (chain=0x7fffffffe848 "OUTPUT", table=0x55555557b126 "filter", cs=cs@entry=0x7fffffffe300, rulenum=0, family=2, s=..., d=..., verbose=false, h=0x7fffffffe480, append=false) at xtables.c:412
#3  0x0000555555564270 in do_commandx (h=h@entry=0x7fffffffe480, argc=argc@entry=3, argv=argv@entry=0x7fffffffe608, table=table@entry=0x7fffffffe478, restore=restore@entry=false) at xtables.c:1122
#4  0x0000555555562350 in xtables_main (family=family@entry=2, progname=progname@entry=0x55555557a011 "iptables", argc=3, argv=0x7fffffffe608) at xtables-standalone.c:72
#5  0x000055555556248a in xtables_ip4_main (argc=<optimized out>, argv=<optimized out>) at xtables-standalone.c:96
#6  0x00007ffff763809b in __libc_start_main (main=0x55555555cfb0 <main>, argc=3, argv=0x7fffffffe608, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5f8) at ../csu/libc-start.c:308
#7  0x000055555555cfea in _start ()





