Here is an autopkgtest run with the latest patch:
Removing autopkgtest-satdep (0) ...
autopkgtest [14:09:03]: test command17: chmod +x ./iptables/tests/shell/testcases/iptables/0007-zero-counters_0 ./iptables/tests/shell/testcases/chain/0006rename-segfault_0; cd iptables/tests/shell; ./run-testst
autopkgtest [14:09:03]: test command17: [-----------------------
I: [OK] ././testcases/arptables/0001-arptables-save-restore_0
I: [OK] ././testcases/arptables/0002-arptables-restore-defaults_0
I: [OK] ././testcases/arptables/0003-arptables-verbose-output_0
I: [OK] ././testcases/chain/0001duplicate_1
I: [OK] ././testcases/chain/0002newchain_0
I: [OK] ././testcases/chain/0003rename_1
I: [OK] ././testcases/chain/0006rename-segfault_0
...
autopkgtest [14:09:19]: test command17: - - - - - - - - - - results - - - - - - - - - -
command17 PASS
autopkgtest [14:09:19]: @@@@@@@@@@@@@@@@@@@@ summary
command1 PASS
command2 PASS
command3 PASS
command4 PASS
command5 PASS
command6 PASS
command7 PASS
command8 PASS
command9 PASS
command10 PASS
command11 PASS
command12 PASS
command13 PASS
command14 PASS
command15 PASS
command16 PASS
command17 PASS
https://bugs.launchpad.net/bugs/1992454
Title:
iptables: segfault when renaming a chain
Status in iptables package in Ubuntu:
In Progress
Status in iptables source package in Bionic:
In Progress
Status in iptables source package in Focal:
In Progress
Status in iptables source package in Jammy:
In Progress
Status in iptables source package in Kinetic:
In Progress
Bug description:
This is the description for the upstream fix of this bug[1]:
This is an odd bug: If the number of chains is right and one renames the
last one in the list, libiptc dereferences a NULL pointer.
Commit 97bf4e68fc0794adba3243fd96f40f4568e7216f fixes this bug
upstream. This bug is to have the fix included in Ubuntu in order to
avoid such segmentation faults.
For Jammy and onward, iptables uses the new nft libraries so the
problem does not appear unless the -legacy commands are used.
The following code (adapted from the upstream commit to work on Kinetic) may
be used to reproduce the issue:
----------------------------------------8<--------------------------------
#!/bin/bash
#
# Cover for a bug in libiptc:
# - the chain 'node-98-tmp' is the last in the list sorted by name
# - there are 81 chains in total, so three chain index buckets
# - the last index bucket contains only the 'node-98-tmp' chain
# => rename temporarily removes it from the bucket, leaving a NULL bucket
#    behind which is dereferenced later when inserting the chain again with new
#    name again
#
# $XT_MULTI comes from the test harness; if it is unset, the commands below
# are looked up via PATH.
(
	echo "*filter"
	for chain in node-1 node-10 node-101 node-102 node-104 node-107 node-11 \
	    node-12 node-13 node-14 node-15 node-16 node-17 node-18 node-19 node-2 node-20 \
	    node-21 node-22 node-23 node-25 node-26 node-27 node-28 node-29 node-3 node-30 \
	    node-31 node-32 node-33 node-34 node-36 node-37 node-39 node-4 node-40 node-41 \
	    node-42 node-43 node-44 node-45 node-46 node-47 node-48 node-49 node-5 node-50 \
	    node-51 node-53 node-54 node-55 node-56 node-57 node-58 node-59 node-6 node-60 \
	    node-61 node-62 node-63 node-64 node-65 node-66 node-68 node-69 node-7 node-70 \
	    node-71 node-74 node-75 node-76 node-8 node-80 node-81 node-86 node-89 node-9 \
	    node-92 node-93 node-95 node-98-tmp; do
		echo ":$chain - [0:0]"
	done
	echo "COMMIT"
) | $XT_MULTI iptables-legacy-restore
# Rename the last chain in the sorted list; this is the call that segfaults
# on an unfixed libiptc.
$XT_MULTI iptables-legacy -E node-98-tmp node-98
exit $?
---------------------------------------->8--------------------------------
[1] http://git.netfilter.org/iptables/commit/?id=97bf4e68fc0794adba3243fd96f40f4568e7216f
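
A simplified C model of the state described in the script's comment, added here as an illustration; it is not libiptc code and not the upstream patch. The bucket length of 40 (inferred from "81 chains, three buckets"), the `chains_*`, `index_ok` and `bucket_for` names, the `c000`-style chain names and the "shrink the index" guard are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#define BUCKET_LEN 40            /* assumed bucket size: 81 chains -> 3 buckets */
#define MAX_CHAINS 128

struct chains {
    char name[MAX_CHAINS][8];                       /* kept sorted by name */
    size_t count;
    const char *index[MAX_CHAINS / BUCKET_LEN + 1]; /* first chain of each bucket */
    size_t index_sz;
};
/* Fill the list with n constructed, sorted names (c000, c001, ...) and index it. */
static void chains_init(struct chains *c, size_t n)
{
    memset(c, 0, sizeof(*c));
    for (c->count = 0; c->count < n; c->count++)
        snprintf(c->name[c->count], sizeof(c->name[0]), "c%03zu", c->count);
    c->index_sz = (n + BUCKET_LEN - 1) / BUCKET_LEN;
    for (size_t i = 0; i < c->index_sz; i++)
        c->index[i] = c->name[i * BUCKET_LEN];
}

/* First half of a rename: unlink the last chain. guarded=0 leaves a NULL entry
 * below index_sz (the state in the bug report); guarded=1 shrinks the index. */
static void chains_remove_last(struct chains *c, int guarded)
{
    size_t pos = --c->count;
    if (pos % BUCKET_LEN != 0) return;   /* bucket still has a first chain */
    c->index[pos / BUCKET_LEN] = NULL;   /* bucket is now empty */
    if (guarded)
        c->index_sz--;
}

/* Invariant the lookup below relies on: every entry below index_sz is set. */
static int index_ok(const struct chains *c)
{
    for (size_t i = 0; i < c->index_sz; i++)
        if (!c->index[i]) return 0;
    return 1;
}

/* Second half of a rename: pick a bucket for the new name. No NULL check on
 * index[i + 1], as in the modelled failure, so call only when index_ok(). */
static size_t bucket_for(const struct chains *c, const char *name)
{
    size_t i = 0;
    while (i + 1 < c->index_sz && strcmp(name, c->index[i + 1]) >= 0)
        i++;
    return i;
}
```

With 81 chains the unguarded removal leaves `index[2] == NULL` while `index_sz` is still 3, so `bucket_for()` would pass NULL to `strcmp()`; with 80 chains the last bucket keeps its first chain and nothing goes wrong, which is why the chain count matters.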