
python3-nftables/libnftables 0.9.6 bugs



HI,

I found that the version of libnftables found in buster-backports
(0.9.6) has a number of minor bugs when it comes to handling
unexpected JSON commands.

1. deleting rule without "handle" present causes memory corruption
that eventually results in the error message "invalid input descriptor
type <some number>"
2. attempting to delete a chain referenced by a rule in another chain
causes segmentation fault, instead of a sensible error message such as
EBUSY. minimal reproducible example attached.

-dave

-- 
Qiwei Wen
Software Developer
Exablaze Pty Ltd
✆ 0430872689

#!/usr/bin/python3
# Minimal reproducer: deleting a chain that is still the target of a
# jump from another chain segfaults libnftables 0.9.6 instead of
# returning an error.
import nftables

handle = nftables.Nftables()

# Build a small ruleset in which chain foo jumps to chain bar.
cmds = [
    "flush ruleset", "add table ip test",
    "add chain ip test foo", "add chain ip test bar",
    "add rule ip test foo jump bar"
]

for c in cmds:
    rc, output, error = handle.cmd(c)
    if rc != 0:
        raise SystemExit("%s failed: %s" % (c, error))

# The chain to delete; it is still referenced by the rule in chain foo.
chain = {
    "chain" : {
        "family" : "ip",
        "table" : "test",
        "name" : "bar",
    }
}

# SEGFAULTS
cmd = [{"delete" : chain}]
cmd = {"nftables" : [{"metainfo" : {"json_schema_version" : 1}}] + cmd}
handle.json_cmd(cmd)
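Until the library is fixed, a caller can refuse the two JSON shapes the report describes before they reach libnftables: a rule delete with no handle, and a chain delete while a rule in the same table still jumps to that chain. The following is an added example, not part of the report or of nftables; the sample ruleset is constructed in the shape `nft -j list ruleset` returns, and `guarded_json_cmd` assumes `handle.json_cmd()` returns `(rc, output, error)` with `output` already parsed.

```python
# Constructed sample (not from the report): the ruleset the attached
# script builds, in "nft -j list ruleset" form; handle values are made up.
SAMPLE_RULESET = {"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"table": {"family": "ip", "name": "test", "handle": 1}},
    {"chain": {"family": "ip", "table": "test", "name": "foo", "handle": 2}},
    {"chain": {"family": "ip", "table": "test", "name": "bar", "handle": 3}},
    {"rule": {"family": "ip", "table": "test", "chain": "foo", "handle": 4,
              "expr": [{"jump": {"target": "bar"}}]}},
]}

def _verdict_targets(rule):
    """Yield the chain names a rule's jump/goto verdicts point at."""
    for expr in rule.get("expr", []):
        for verdict in ("jump", "goto"):
            if isinstance(expr.get(verdict), dict) and "target" in expr[verdict]:
                yield expr[verdict]["target"]

def check_delete(cmd, ruleset):
    """Return None if a {"delete": ...} object is safe to hand to the
    library, otherwise a string saying why it is refused."""
    obj = cmd["delete"]
    if "rule" in obj and "handle" not in obj["rule"]:
        return "refusing to delete a rule without a handle"
    if "chain" in obj:
        ch = obj["chain"]
        for item in ruleset.get("nftables", []):
            rule = item.get("rule")
            if not rule or (rule["family"], rule["table"]) != (ch["family"], ch["table"]):
                continue
            if ch["name"] in _verdict_targets(rule):
                return "chain %s is still referenced from chain %s (rule handle %s)" % (
                    ch["name"], rule["chain"], rule.get("handle"))
    return None

def guarded_json_cmd(handle, cmd):
    """Run cmd only if every delete in it passes check_delete against the
    live ruleset (assumes handle.json_cmd returns a parsed dict as output)."""
    rc, ruleset, error = handle.json_cmd({"nftables": [{"list": {"ruleset": None}}]})
    if rc != 0:
        raise RuntimeError("list ruleset failed: %s" % error)
    for entry in cmd["nftables"]:
        if "delete" in entry:
            reason = check_delete(entry, ruleset)
            if reason:
                raise ValueError(reason)
    return handle.json_cmd(cmd)
```

Run against the attached reproducer, `guarded_json_cmd(handle, cmd)` raises `ValueError` for the delete of `bar` instead of letting the library crash.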
