diff --git a/backport-dump-locations-expressions-only-if-set.patch b/backport-dump-locations-expressions-only-if-set.patch new file mode 100644 index 0000000..5eb9814 --- /dev/null +++ b/backport-dump-locations-expressions-only-if-set.patch @@ -0,0 +1,37 @@ +From 5472143922531e0f7ea2770b302903f5002472df Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Tue, 30 Aug 2022 15:00:52 +0200 +Subject: erec: Dump locations' expressions only if set +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Calling netlink_dump_expr() with a NULL pointer leads to segfault within +libnftnl. Internal ("fake") locations such as 'netlink_location' don't +have an expression assigned so expect this and skip the call. Simple +reproducer (list ruleset with netlink debugging as non-root): + +| $ nft -d netlink list ruleset + +Reported-by: François Rigault +Signed-off-by: Phil Sutter +--- + src/erec.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/erec.c b/src/erec.c +index a4b93fb0..aebb8632 100644 +--- a/src/erec.c ++++ b/src/erec.c +@@ -170,6 +170,8 @@ void erec_print(struct output_ctx *octx, const struct error_record *erec, + fprintf(f, "%s\n", erec->msg); + for (l = 0; l < (int)erec->num_locations; l++) { + loc = &erec->locations[l]; ++ if (!loc->nle) ++ continue; + netlink_dump_expr(loc->nle, f, debug_mask); + } + return; +-- +cgit v1.2.3 + diff --git a/nftables.spec b/nftables.spec index 61c4107..1e35832 100644 --- a/nftables.spec +++ b/nftables.spec @@ -1,6 +1,6 @@ Name: nftables Version: 1.0.0 -Release: 5 +Release: 6 Epoch: 1 Summary: A subsystem of the Linux kernel processing network data License: GPLv2 @@ -19,6 +19,7 @@ Patch6: backport-parser_json-fix-device-parsing-in-netdev-family.patch Patch7: backport-iptopt-fix-crash-with-invalid-field-type-combo.patch Patch8: backport-evaluate-string-prefix-expression-must-retain-original-length.patch Patch9: backport-libnftables-release-top-level-scope.patch +Patch10: backport-dump-locations-expressions-only-if-set.patch BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd BuildRequires: iptables-devel jansson-devel python3-devel @@ -118,6 +119,12 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %{python3_sitelib}/nftables/ %changelog +* Thu Dec 15 2022 huangyu - 1:1.0.0-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix dump locations expressions only if set + * Tue Dec 13 2022 huangyu - 1:1.0.0-5 - Type:bugfix - ID:NA