Control: reassign 946996 iptables Control: affects 946996 + wireguard-tools
Hi Celejar--
On Thu 2019-12-19 00:00:39 -0500, Celejar wrote:
> Package: wireguard-tools
> Version: 0.0.20191212-1
> Severity: normal
>
> I use wireguard to establish a very simple point-to-point VPN. 'wg-quick
> up wgo' works fine; 'wg-quick down wg0' also seems to work correctly,
> but it segfaults after doing (AFAICT) everything that it's supposed to
> do. Everything seems to be working fine, though, both before and afterward.
>
> I tried figuring out what, exactly, the script is doing when it
> segfaults, but I couldn't quite make it out. It seems to successfully do
> 'del_if', 'unset_dns', and 'remove_firewall', but then do something
> wrong in the 'execute_hooks' stage?
>
> ~# wg-quick down wg0
> [#] ip -4 rule delete table 51820
> [#] ip -4 rule delete table main suppress_prefixlength 0
> [#] ip link delete dev wg0
> [#] resolvconf -d tun.wg0 -f
> [#] iptables-restore -n
> /usr/bin/wg-quick: line 29: 1411585 Segmentation fault "$@"
Thanks for this report. It looks to me like this is a segfault in
iptables-restore, not in wg-quick, so i'm reassigning the bug report to
the iptables package, which shouldn't segfault, no matter what input it
receives. (maybe this is due to sending it empty lines?
In the meantime, i believe that more recent versions of wireguard-tools
do not send empty lines to iptables-restore. Can you verify that this
doesn't happen for you with a more recent version?
Thanks for reporting this,
--dkg
signature.asc
Description: PGP signature
