On Wed, Apr 03, 2024 at 01:09:35PM +0100, Jeremy Sowden wrote:
> The first patch replaces the current assertion failure for invalid
> mapping expression in stateful-object statements with an error message.
> This brings it in line with map statements.
>
> It is possible to use a variable to initialize a map, which is then used
> in a map statement, but if one tries to use the variable directly, nft
> rejects it. The second patch adds support for doing this.

Thanks.

I can trigger crashes, e.g.

define quota_map = "1.2.3.4"

table ip x {
        chain y {
                quota name ip saddr map $quota_map
        }
}

src/mnl.c:1759:2: runtime error: member access within misaligned address 0x000100000001 for type 'struct expr', which requires 8 byte alignment
0x000100000001: note: pointer points here
<memory cannot be printed>
src/netlink.c:121:10: runtime error: member access within misaligned address 0x000100000001 for type 'const struct expr', which requires 8 byte alignment
0x000100000001: note: pointer points here
<memory cannot be printed>
AddressSanitizer:DEADLYSIGNAL
=================================================================
==150056==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8009 (pc 0x7f58e67d8624 bp 0x7ffd57d17eb0 sp 0x7ffd57d17c40 T0)
==150056==The signal is caused by a READ memory access.
    #0 0x7f58e67d8624 in alloc_nftnl_setelem src/netlink.c:121
    #1 0x7f58e67c3d12 in mnl_nft_setelem_batch src/mnl.c:1760
    #2 0x7f58e67c45d9 in mnl_nft_setelem_add src/mnl.c:1805
    #3 0x7f58e687df1e in __do_add_elements src/rule.c:1425
    #4 0x7f58e687e528 in do_add_set src/rule.c:1471
    #5 0x7f58e687e7aa in do_command_add src/rule.c:1491
    #6 0x7f58e688fdb3 in do_command src/rule.c:2599
    #7 0x7f58e679d417 in nft_netlink src/libnftables.c:42
    #8 0x7f58e67a514a in __nft_run_cmd_from_filename src/libnftables.c:729
    #9 0x7f58e67a639c in nft_run_cmd_from_filename src/libnftables.c:807
    #10 0x557c9d25b3b0 in main src/main.c:536
    #11 0x7f58e5846249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #12 0x7f58e5846304 in __libc_start_main_impl ../csu/libc-start.c:360
    #13 0x557c9d258460 in _start (/usr/sbin/nft+0x9460)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/netlink.c:121 in alloc_nftnl_setelem
==150056==ABORTING

I think this is lacking more validation.