* [nft] segfault, bitmask datatype without parse() function
@ 2014-11-25 12:53 Arturo Borrero Gonzalez
From: Arturo Borrero Gonzalez @ 2014-11-25 12:53 UTC (permalink / raw)
  To: Netfilter Development Mailing list; +Cc: Pablo Neira Ayuso

Hi,

It seems there is a segfault in nft.

How to reproduce:

% nft add rule inet filter ct state established,related accept

==28442== Jump to the invalid address stated on the next line
==28442==    at 0x0: ???
==28442==    by 0x4099EA: symbolic_constant_parse (datatype.c:133)
==28442==    by 0x40BFD8: expr_evaluate (evaluate.c:199)
==28442==    by 0x40D524: list_member_evaluate (evaluate.c:597)
==28442==    by 0x40C25B: expr_evaluate (evaluate.c:649)
==28442==    by 0x40C103: expr_evaluate (evaluate.c:879)
==28442==    by 0x40D908: stmt_evaluate (evaluate.c:1103)
==28442==    by 0x40DF27: rule_evaluate (evaluate.c:1727)
==28442==    by 0x40E0A6: chain_evaluate (evaluate.c:1788)
==28442==    by 0x40E4CE: cmd_evaluate (evaluate.c:1807)
==28442==    by 0x423757: nft_parse (parser_bison.y:549)
==28442==    by 0x4061CC: nft_run (main.c:231)
==28442==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==28442==
==28442==
==28442== Process terminating with default action of signal 11 (SIGSEGV)
==28442==  Bad permissions for mapped region at address 0x0
==28442==    at 0x0: ???
==28442==    by 0x4099EA: symbolic_constant_parse (datatype.c:133)
==28442==    by 0x40BFD8: expr_evaluate (evaluate.c:199)
==28442==    by 0x40D524: list_member_evaluate (evaluate.c:597)
==28442==    by 0x40C25B: expr_evaluate (evaluate.c:649)
==28442==    by 0x40C103: expr_evaluate (evaluate.c:879)
==28442==    by 0x40D908: stmt_evaluate (evaluate.c:1103)
==28442==    by 0x40DF27: rule_evaluate (evaluate.c:1727)
==28442==    by 0x40E0A6: chain_evaluate (evaluate.c:1788)
==28442==    by 0x40E4CE: cmd_evaluate (evaluate.c:1807)
==28442==    by 0x423757: nft_parse (parser_bison.y:549)
==28442==    by 0x4061CC: nft_run (main.c:231)
==28442==

As far as I've investigated, it seems the bitmask datatype is somehow
missing the parse() function.

My HEAD is cf1e7d4 (netlink: don't bug on unknown events).

regards.

-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


* Re: [nft] segfault, bitmask datatype without parse() function
@ 2014-11-25 15:43 ` Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2014-11-25 15:43 UTC (permalink / raw)
  To: Arturo Borrero Gonzalez; +Cc: Netfilter Development Mailing list

On Tue, Nov 25, 2014 at 01:53:20PM +0100, Arturo Borrero Gonzalez wrote:
> Hi,
> 
> It seems there is a segfault in nft.
> 
> How to reproduce:
> 
> % nft add rule inet filter ct state established,related accept

Where is the chain there?

I think this crash happens in an error path.

> ==28442== Jump to the invalid address stated on the next line
> ==28442==    at 0x0: ???
> ==28442==    by 0x4099EA: symbolic_constant_parse (datatype.c:133)
> ==28442==    by 0x40BFD8: expr_evaluate (evaluate.c:199)
> ==28442==    by 0x40D524: list_member_evaluate (evaluate.c:597)
> ==28442==    by 0x40C25B: expr_evaluate (evaluate.c:649)
> ==28442==    by 0x40C103: expr_evaluate (evaluate.c:879)
> ==28442==    by 0x40D908: stmt_evaluate (evaluate.c:1103)
> ==28442==    by 0x40DF27: rule_evaluate (evaluate.c:1727)
> ==28442==    by 0x40E0A6: chain_evaluate (evaluate.c:1788)
> ==28442==    by 0x40E4CE: cmd_evaluate (evaluate.c:1807)
> ==28442==    by 0x423757: nft_parse (parser_bison.y:549)
> ==28442==    by 0x4061CC: nft_run (main.c:231)
> ==28442==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> ==28442==
> ==28442==
> ==28442== Process terminating with default action of signal 11 (SIGSEGV)
> ==28442==  Bad permissions for mapped region at address 0x0
> ==28442==    at 0x0: ???
> ==28442==    by 0x4099EA: symbolic_constant_parse (datatype.c:133)
> ==28442==    by 0x40BFD8: expr_evaluate (evaluate.c:199)
> ==28442==    by 0x40D524: list_member_evaluate (evaluate.c:597)
> ==28442==    by 0x40C25B: expr_evaluate (evaluate.c:649)
> ==28442==    by 0x40C103: expr_evaluate (evaluate.c:879)
> ==28442==    by 0x40D908: stmt_evaluate (evaluate.c:1103)
> ==28442==    by 0x40DF27: rule_evaluate (evaluate.c:1727)
> ==28442==    by 0x40E0A6: chain_evaluate (evaluate.c:1788)
> ==28442==    by 0x40E4CE: cmd_evaluate (evaluate.c:1807)
> ==28442==    by 0x423757: nft_parse (parser_bison.y:549)
> ==28442==    by 0x4061CC: nft_run (main.c:231)
> ==28442==
> 
> As far as I've investigated, it seems the bitmask datatype is somehow
> missing the parse() function.
> 
> My HEAD is cf1e7d4 (netlink: don't bug on unknown events).
>
> 
> regards.
> 
> -- 
> Arturo Borrero González

* Re: [nft] segfault, bitmask datatype without parse() function
@ 2014-11-25 17:25   ` Arturo Borrero Gonzalez
From: Arturo Borrero Gonzalez @ 2014-11-25 17:25 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Development Mailing list

On 25 November 2014 at 16:43, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Tue, Nov 25, 2014 at 01:53:20PM +0100, Arturo Borrero Gonzalez wrote:
>> Hi,
>>
>> It seems there is a segfault in nft.
>>
>> How to reproduce:
>>
>> % nft add rule inet filter ct state established,related accept
>
> Where is the chain there?
>
> I think this crash happens in an error path.
>

Oops.. yes, the error happens somewhere in the error path.

-- 
Arturo Borrero González
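
Added example, not part of the thread and not nft's code: the valgrind trace above shows an indirect call to address 0x0 from symbolic_constant_parse, which is what a call through an unset parse callback looks like. The sketch assumes that a symbol miss falls back to the base type's parser; the struct, the type table, the bit values and the function names are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical miniature of a datatype table; names and values are constructed. */
struct datatype {
    const char *name;
    const struct datatype *basetype;            /* parent type, may be NULL */
    int (*parse)(const char *sym, unsigned *v); /* optional callback, may be NULL */
    const char *const *symbols;                 /* NULL-terminated list, may be NULL */
};

static int integer_parse(const char *sym, unsigned *v)
{
    unsigned n = 0;
    if (*sym == '\0')
        return -1;
    for (; *sym; sym++) {
        if (*sym < '0' || *sym > '9' || n > (UINT_MAX - 9) / 10)
            return -1;
        n = n * 10 + (unsigned)(*sym - '0');
    }
    *v = n;
    return 0;
}

static const char *const state_syms[] = { "invalid", "established", "related", "new", NULL };
static const struct datatype integer_type = { "integer", NULL, integer_parse, NULL };
static const struct datatype bitmask_type = { "bitmask", &integer_type, NULL, NULL };
static const struct datatype state_type = { "state", &bitmask_type, NULL, state_syms };

/* Unguarded error path: on a symbol miss it calls basetype->parse, NULL for bitmask. */
int symbol_parse_unguarded(const struct datatype *t, const char *sym, unsigned *v)
{
    for (size_t i = 0; t->symbols[i]; i++)
        if (strcmp(t->symbols[i], sym) == 0) { *v = 1u << i; return 0; }
    return t->basetype->parse(sym, v); /* indirect call to address 0x0 */
}

/* Guarded: on a miss, use the first ancestor that has a parser, else fail cleanly. */
int symbol_parse_guarded(const struct datatype *t, const char *sym, unsigned *v)
{
    for (size_t i = 0; t->symbols && t->symbols[i]; i++)
        if (strcmp(t->symbols[i], sym) == 0) { *v = 1u << i; return 0; }
    for (t = t->basetype; t != NULL; t = t->basetype)
        if (t->parse != NULL)
            return t->parse(sym, v);
    return -1;
}
```

With the guarded lookup, an unknown symbol produces an error return that the caller can turn into a diagnostic, instead of a SIGSEGV in the error path.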
