Hello,
Thanks for picking this up. Reference to the test was added to
debian/test/control & test ran fine as we can see in the logs :
Removing autopkgtest-satdep (0) ...
autopkgtest [17:00:57]: test command18: chmod +x
./iptables/tests/shell/testcases/chain/0006rename-segfault_0; cd
iptables/tests/shell; ./run-tests.sh --host
autopkgtest [17:00:57]: test command18: [-----------------------
I: [OK] ././testcases/arptables/0001-arptables-save-restore_0
I: [OK] ././testcases/arptables/0002-arptables-restore-defaults_0
I: [OK] ././testcases/arptables/0003-arptables-verbose-output_0
I: [OK] ././testcases/chain/0001duplicate_1
I: [OK] ././testcases/chain/0002newchain_0
I: [OK] ././testcases/chain/0003rename_1
I: [OK] ././testcases/chain/0006rename-segfault_0
Here is a new debdiff with the added bits.
** Patch added: "iptables_1.8.7-1ubuntu7.debdiff"
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1992454/+attachment/5623037/+files/iptables_1.8.7-1ubuntu7.debdiff
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1992454
Title:
iptables: segfault when renaming a chain
Status in iptables package in Ubuntu:
In Progress
Status in iptables source package in Bionic:
In Progress
Status in iptables source package in Focal:
In Progress
Status in iptables source package in Jammy:
In Progress
Status in iptables source package in Kinetic:
In Progress
Bug description:
This is the description for the upstream fix of this bug[1] :
This is an odd bug: If the number of chains is right and one renames the
last one in the list, libiptc dereferences a NULL pointer.
Commit 97bf4e68fc0794adba3243fd96f40f4568e7216f fixes this bug
upstream. This bug is to have the fix included in Ubuntu in order to
avoid such segmentation faults.
For Jammy and onward, iptables uses the new nft libraries so the
problem does not appear unless the -legacy commands are used.
The following code (adapted from the upstream commit to work on Kinetic) may
be used to reproduce the issue :
----------------------------------------8<--------------------------------
#!/bin/bash
#
# Cover for a bug in libiptc:
# - the chain 'node-98-tmp' is the last in the list sorted by name
# - there are 81 chains in total, so three chain index buckets
# - the last index bucket contains only the 'node-98-tmp' chain
# => rename temporarily removes it from the bucket, leaving a NULL bucket
# behind which is dereferenced later when inserting the chain again with
new
# name again
(
echo "*filter"
for chain in node-1 node-10 node-101 node-102 node-104 node-107 node-11
node-12 node-13 node-14 node-15 node-16 node-17 node-18 node-19 node-2 node-20
node-21 node-22 node-23 node-25 node-26 node-27 node-28 node-29 node-3 node-30
node-31 node-32 node-33 node-34 node-36 node-37 node-39 node-4 node-40 node-41
node-42 node-43 node-44 node-45 node-46 node-47 node-48 node-49 node-5 node-50
node-51 node-53 node-54 node-55 node-56 node-57 node-58 node-59 node-6 node-60
node-61 node-62 node-63 node-64 node-65 node-66 node-68 node-69 node-7 node-70
node-71 node-74 node-75 node-76 node-8 node-80 node-81 node-86 node-89 node-9
node-92 node-93 node-95 node-98-tmp; do
echo ":$chain - [0:0]"
done
echo "COMMIT"
) | $XT_MULTI iptables-legacy-restore
$XT_MULTI iptables-legacy -E node-98-tmp node-98
exit $?
---------------------------------------->8--------------------------------
[1]
http://git.netfilter.org/iptables/commit/?id=97bf4e68fc0794adba3243fd96f40f4568e7216f
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1992454/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
