On 2024-04-04, at 13:21:52 +0200, Pablo Neira Ayuso wrote: > On Wed, Apr 03, 2024 at 01:09:35PM +0100, Jeremy Sowden wrote: > > The first patch replaces the current assertion failure for invalid > > mapping expression in stateful-object statements with an error message. > > This brings it in line with map statements. > > > > It is possible to use a variable to initialize a map, which is then used > > in a map statement, but if one tries to use the variable directly, nft > > rejects it. The second patch adds support for doing this. > > Thanks. I can trigger crashes, e.g. > > define quota_map = "1.2.3.4" > > table ip x { > chain y { > quota name ip saddr map $quota_map > } > } > > src/mnl.c:1759:2: runtime error: member access within misaligned address 0x000100000001 for type 'struct expr', which requires 8 byte alignment > 0x000100000001: note: pointer points here > <memory cannot be printed> > src/netlink.c:121:10: runtime error: member access within misaligned address 0x000100000001 for type 'const struct expr', which requires 8 byte alignment > 0x000100000001: note: pointer points here > <memory cannot be printed> > AddressSanitizer:DEADLYSIGNAL > ================================================================= > ==150056==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8009 (pc 0x7f58e67d8624 bp 0x7ffd57d17eb0 sp 0x7ffd57d17c40 T0) > ==150056==The signal is caused by a READ memory access. > #0 0x7f58e67d8624 in alloc_nftnl_setelem src/netlink.c:121 > #1 0x7f58e67c3d12 in mnl_nft_setelem_batch src/mnl.c:1760 > #2 0x7f58e67c45d9 in mnl_nft_setelem_add src/mnl.c:1805 > #3 0x7f58e687df1e in __do_add_elements src/rule.c:1425 > #4 0x7f58e687e528 in do_add_set src/rule.c:1471 > #5 0x7f58e687e7aa in do_command_add src/rule.c:1491 > #6 0x7f58e688fdb3 in do_command src/rule.c:2599 > #7 0x7f58e679d417 in nft_netlink src/libnftables.c:42 > #8 0x7f58e67a514a in __nft_run_cmd_from_filename src/libnftables.c:729 > #9 0x7f58e67a639c in nft_run_cmd_from_filename src/libnftables.c:807 > #10 0x557c9d25b3b0 in main src/main.c:536 > #11 0x7f58e5846249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 > #12 0x7f58e5846304 in __libc_start_main_impl ../csu/libc-start.c:360 > #13 0x557c9d258460 in _start (/usr/sbin/nft+0x9460) > > AddressSanitizer can not provide additional info. > SUMMARY: AddressSanitizer: SEGV src/netlink.c:121 in alloc_nftnl_setelem > ==150056==ABORTING > > I think this is lacking more validation. Agreed. Should have done more testing. Apologies! Will follow up. J.
Attachment:
signature.asc
Description: PGP signature