[pkg-netfilter-team] Bug#1063690: nftables: Segfault on named set or map definition in second table specification

Einhard Leichtfuß alguien at respiranto.de
Sun Feb 11 08:50:27 GMT 2024


Package: nftables
Version: 0.9.8-3.1+deb11u2
Severity: important

Upon running `nft -f file.nft`, where `file.nft` specifies the same
table at least twice, and a named set or map is defined in the second
(or later) table specification, a segmentation fault is caused.

The specified ruleset appears to be correctly applied regardless.

Example `file.nft`:
---
table inet t0 {
}

table inet t0 {
        set s0 {
                type inet_service
                elements = { 42 }
        }
}
---

Note that both a named set and a named map definition cause the
segfault, while a (similarly simple) chain definition does not.

The only error message printed is "Segmentation fault\n".

Note that this causes nftables.service to fail if `/etc/nftables.conf`
contains such configuration (but the ruleset appears to be applied).

I cannot reproduce the bug with the preceding package version,
0.9.8-3.1+deb11u1, nor on Debian 12 Bookworm (nftables 1.0.6-2+deb12u2).


-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'),
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  dpkg          1.20.13
ii  libc6         2.31-13+deb11u8
ii  libedit2      3.1-20191231-2+b1
ii  libnftables1  0.9.8-3.1+deb11u2

nftables recommends no packages.

Versions of packages nftables suggests:
pn  firewalld  <none>

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information
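A pre-deployment check for the trigger pattern this report describes, added here as an example (it is not part of the report or of the nftables project): it scans an nft file for a table declared more than once where a second or later declaration defines a named set or map, so the file can be fixed before nftables.service loads it. It assumes `table`, `set` and `map` lines carry their opening brace on the same line, as in the reporter's file.

```python
import re

SAMPLE_NFT = """\
# constructed sample: the reporter's file.nft plus a comment and a chain
table inet t0 {
        chain input {
                type filter hook input priority 0; policy drop;
        }
}

table inet t0 {
        set s0 {
                type inet_service
                elements = { 42 }
        }
}
"""

TABLE_RE = re.compile(r"^\s*table\s+(\w+)\s+(\S+)\s*\{")
OBJECT_RE = re.compile(r"^\s*(set|map)\s+(\S+)\s*\{")


def find_trigger_candidates(text: str) -> list:
    """Return each second-or-later specification of an already declared
    table that defines a named set or map (the pattern reported to
    segfault `nft -f`). Line-based; brace depth is tracked so that
    anonymous sets inside rules (depth >= 2) are ignored."""
    depth = 0
    seen = {}          # (family, name) -> number of declarations so far
    current = None     # record for the top-level table currently open
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # strip comments before matching
        if depth == 0:
            m = TABLE_RE.match(line)
            if m:
                key = (m.group(1), m.group(2))
                seen[key] = seen.get(key, 0) + 1
                current = {"family": key[0], "table": key[1],
                           "occurrence": seen[key], "objects": []}
        elif depth == 1 and current is not None:
            m = OBJECT_RE.match(line)
            if m:
                current["objects"].append(f"{m.group(1)} {m.group(2)}")
        depth += line.count("{") - line.count("}")
        if depth == 0 and current is not None:
            if current["occurrence"] > 1 and current["objects"]:
                findings.append(current)
            current = None
    return findings
```

Merging the repeated blocks into a single `table inet t0 { ... }` specification removes the pattern and makes the check return an empty list.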