Re: [PATCH nft v2 0/2] Support for variables in map expressions

On 2024-04-04, at 13:21:52 +0200, Pablo Neira Ayuso wrote:
> On Wed, Apr 03, 2024 at 01:09:35PM +0100, Jeremy Sowden wrote:
> > The first patch replaces the current assertion failure for invalid
> > mapping expression in stateful-object statements with an error message.
> > This brings it in line with map statements.
> > 
> > It is possible to use a variable to initialize a map, which is then used
> > in a map statement, but if one tries to use the variable directly, nft
> > rejects it.  The second patch adds support for doing this.
> 
> Thanks. I can trigger crashes, e.g.
> 
> define quota_map = "1.2.3.4"
> 
> table ip x {
>         chain y {
>                 quota name ip saddr map $quota_map
>         }
> }
> 
> src/mnl.c:1759:2: runtime error: member access within misaligned address 0x000100000001 for type 'struct expr', which requires 8 byte alignment
> 0x000100000001: note: pointer points here
> <memory cannot be printed>
> src/netlink.c:121:10: runtime error: member access within misaligned address 0x000100000001 for type 'const struct expr', which requires 8 byte alignment
> 0x000100000001: note: pointer points here
> <memory cannot be printed>
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==150056==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8009 (pc 0x7f58e67d8624 bp 0x7ffd57d17eb0 sp 0x7ffd57d17c40 T0)
> ==150056==The signal is caused by a READ memory access.
>     #0 0x7f58e67d8624 in alloc_nftnl_setelem src/netlink.c:121
>     #1 0x7f58e67c3d12 in mnl_nft_setelem_batch src/mnl.c:1760
>     #2 0x7f58e67c45d9 in mnl_nft_setelem_add src/mnl.c:1805
>     #3 0x7f58e687df1e in __do_add_elements src/rule.c:1425
>     #4 0x7f58e687e528 in do_add_set src/rule.c:1471
>     #5 0x7f58e687e7aa in do_command_add src/rule.c:1491
>     #6 0x7f58e688fdb3 in do_command src/rule.c:2599
>     #7 0x7f58e679d417 in nft_netlink src/libnftables.c:42
>     #8 0x7f58e67a514a in __nft_run_cmd_from_filename src/libnftables.c:729
>     #9 0x7f58e67a639c in nft_run_cmd_from_filename src/libnftables.c:807
>     #10 0x557c9d25b3b0 in main src/main.c:536
>     #11 0x7f58e5846249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
>     #12 0x7f58e5846304 in __libc_start_main_impl ../csu/libc-start.c:360
>     #13 0x557c9d258460 in _start (/usr/sbin/nft+0x9460)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV src/netlink.c:121 in alloc_nftnl_setelem
> ==150056==ABORTING
> 
> I think this is lacking more validation.

Agreed.  Should have done more testing.  Apologies!  Will follow up.

J.
