[Python-modules-team] Bug#862741: python3-iptables: rule.create_match() raises MemoryError

[Alexander Barinov]

Package: python3-iptables
Version: 0.11.0-3
Severity: grave
Justification: renders package unusable

The following sample code raises MemoryError on all my Debian systems:

Python 3.5.3 (default, Jan 19 2017, 14:11:04)
[GCC 6.3.0 20170118] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import iptc
>>> iptc.Rule().create_match('udp')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/iptc/ip4tc.py", line 959, in create_match
    match = Match(self, name=name, revision=revision)
  File "/usr/lib/python3/dist-packages/iptc/ip4tc.py", line 558, in __init__
    self.reset()
  File "/usr/lib/python3/dist-packages/iptc/ip4tc.py", line 635, in reset
    udata_buf = (ct.c_ubyte * udata_size)()
MemoryError

Using any other method to create a match (iptc.Match(rule, 'tcp')) or
any other match type ('tcp', 'owner', etc) and other kernels (4.9.0
from testing, old 4.6.0 from testing) gives the same results. This bug
makes it impossible to construct any iptable rule as matches are the
core of it - and this pretty much defeats the purpose of the package.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (1000, 'testing'), (50, 'unstable'), (20, 'stable'), (1,
'experimental')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-2-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python3-iptables depends on:
ii  iptables     1.6.0+snapshot20161117-6
ii  libc6        2.24-10
ii  python3      3.5.3-1
pn  python3:any  <none>

python3-iptables recommends no packages.

Versions of packages python3-iptables suggests:
pn  python-iptables-doc  <none>

-- no debconf information