'nft' crashes.

'nft' crashes.

[S Egbert]

Mmmmmmm,  a crash in nft CLI.

First noticed in nft 1.1.3, now at nft 1.1.4.  Will try latest HEAD over 
at git.netfilter.org/[libnftnl|nftables].git

Created my own test corpus on 'nft' syntax highlighting.  Was trying 
something wild here (seemingly a valid syntax, according to 
parser_bison.y, but not scanner.c).

Content of add-chain.tp.nft file is:


     define MY_POLICY = deny
     table T { chain C { policy $MY_POLICY; };};


GDB-captured crash dump:

# gdb /opt/nftables/sbin/nft
GNU gdb (Debian 16.3-1) 16.3
(gdb) set args -c -f add-chain.tp.nft
(gdb) b main
Breakpoint 1 at 0x194b0: file src/main.c, line 361.
(gdb) r
Starting program: /opt/nftables/sbin/nft -c -f add-chain.tp.nft

This GDB supports auto-downloading debuginfo from the following URLs:
   <https://debuginfod.debian.net>
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=4, argv=0x7fffffffc938) at src/main.c:361
361             const struct option *options = get_options();
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
Download failed: Invalid argument.  Continuing without source file 
./build/mpz/../../mpz/export.c.
0x00007ffff7edb6d2 in __gmpz_export (data=0x7fffffffc4f8, 
countp=0x7fffffffc430, order=-1, size=4, endian=0,
     nail=0, z=0x5555556b3440) at ../../mpz/export.c:75
warning: 75     ../../mpz/export.c: No such file or directory
(gdb) bt
#0  0x00007ffff7edb6d2 in __gmpz_export (data=0x7fffffffc4f8, 
countp=0x7fffffffc430, order=-1, size=4,
     endian=0, nail=0, z=0x5555556b3440) at ../../mpz/export.c:75
#1  0x00005555555f25cc in __mpz_export_data (data=0x7fffffffc4f8, 
op=0x5555556b3440,
     byteorder=BYTEORDER_HOST_ENDIAN, len=4) at src/gmputil.c:109
#2  0x0000555555573f62 in mnl_nft_chain_add (ctx=0x7fffffffc5e0, 
cmd=0x55555570aac0, flags=0)
     at src/mnl.c:882
#3  0x000055555559e1bc in do_command_add (ctx=0x7fffffffc5e0, 
cmd=0x55555570aac0, excl=false)
     at src/rule.c:1525
#4  0x00005555555a1814 in do_command (ctx=0x7fffffffc5e0, 
cmd=0x55555570aac0) at src/rule.c:2625
#5  0x000055555556e263 in nft_netlink (nft=0x5555556812a0, 
cmds=0x7fffffffc6e0, msgs=0x7fffffffc6f0)
     at src/libnftables.c:43
#6  0x000055555556fc43 in __nft_run_cmd_from_filename (nft=0x5555556812a0,
     filename=0x7fffffffcce4 "add-chain.tp.nft") at src/libnftables.c:753
#7  0x0000555555570023 in nft_run_cmd_from_filename (nft=0x5555556812a0,
     filename=0x7fffffffcce4 "add-chain.tp.nft") at src/libnftables.c:847
#8  0x000055555556da31 in main (argc=4, argv=0x7fffffffc938) at 
src/main.c:535
(gdb)

Re: 'nft' crashes.

[Pablo Neira Ayuso]

On Sat, Aug 16, 2025 at 09:09:02PM -0500, S Egbert wrote:
[...]
> Content of add-chain.tp.nft file is:
> 
> 
>     define MY_POLICY = deny
>     table T { chain C { policy $MY_POLICY; };};
> 
> 
> GDB-captured crash dump:

Fix:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20250817214706.314771-1-pablo@netfilter.org/