On Wed, 22 Jan 2020 16:47:17 -0500 Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> Control: tags 946996 + moreinfo > > On Tue 2020-01-21 22:18:45 -0500, Celejar wrote: > > Sorry, I'm still getting it: > > > > ~# apt-cache policy wireguard-tools > > wireguard-tools: > > Installed: 1.0.20200102-1 > > Candidate: 1.0.20200102-1 > > Version table: > > *** 1.0.20200102-1 500 > > 500 http://deb.debian.org/debian sid/main amd64 Packages > > 100 /var/lib/dpkg/status > > > > ~# ifdown wg0 > > [#] ip -4 rule delete table 51820 > > [#] ip -4 rule delete table main suppress_prefixlength 0 > > [#] ip link delete dev wg0 > > [#] resolvconf -d tun.wg0 -f > > [#] iptables-restore -n > > /usr/bin/wg-quick: line 29: 186243 Segmentation fault "$@" > > Interesting. Can you modify wg-quick locally to expose what is being > piped into iptables-restore -n in this instance? > > For example, a change like this: > > ---------------- > --- wg-quick.orig 2020-01-22 16:05:42.456100207 -0500 > +++ wg-quick 2020-01-22 16:45:35.936536027 -0500 > @@ -198,6 +198,7 @@ > [[ $line == "-A"* ]] && found=1 > printf -v restore '%s%s\n' "$restore" > "${line/#-A/-D}" > done < <($iptables-save 2>/dev/null) > + [[ $found -ne 1 ]] || echo -n "RESTORING: $restore" > >&2 > [[ $found -ne 1 ]] || echo -n "$restore" | cmd > $iptables-restore -n > done > fi > ---------------- > > Then report back what is printed there, and see whether feeding it into > "iptables-restore -n" on its own is sufficient to cause a segfault. So right after my last email, I upgraded to 1.0.20200121-1, and now I no longer get a segfault. Is there anything further I should do? Should I do a downgrade and try your modification? > thanks for taking the time to report and debug! Celejar