[Bug 2049318] [NEW] [SRU] free(): double free detected in tcache 2
Launchpad Bug Tracker
2049318 at bugs.launchpad.net
Mon Jan 15 20:19:08 UTC 2024
You have been subscribed to a public bug by Sudip Mukherjee (sudipmuk):
[ Impact ]
iptables is unable to list the iptables rules or save the iptables rules
if an nftables ruleset is defined which iptables does not recognize.
[ Test Plan ]
* Add an iptables rule.
- sudo iptables -A OUTPUT -p tcp --dport 9999 -j REJECT
* save the rules in a file
- sudo iptables-save > rules.txt
* Convert the rule to nftables ruleset
- sudo iptables-nft-restore < rules.txt
* List the nftables ruleset
- sudo nft list ruleset
* Also confirm that iptables can list the old rule
- sudo iptables -L
* Now add another nftables rule (this rule is taken from upstream test
case)
sudo nft -f - <<EOF
table ip filter {
    chain INPUT {
        type filter hook input priority filter
        counter packets 218 bytes 91375 accept
    }
    chain x {
        type filter hook input priority filter
    }
}
EOF
* List the nftables ruleset, which will print the old rule and the new rule
- sudo nft list ruleset
* Try printing the old iptables rule
- sudo iptables -L
Without the fixed packages it will now abort with a double free.
$ sudo iptables -L
free(): double free detected in tcache 2
Aborted
[ Where problems could occur ]
* This is an upstream patch which is only removing an error path when
nft_cache_add_chain() errors. nft_cache_add_chain() will free the chain
on error, and it was then again freed in the error path. By removing the
error path it's now fixing the double free. Since the only change is in
the error path, the chances of regression are very low.
[ Other Info ]
* The regression was introduced in v1.8.7 and has been fixed via v1.8.8
so only Jammy is affected.
[ Original Bug Description ]
nftables is being used successfully with no difficulty.
Running iptables on my node receives a crash:
$ sudo iptables -nL
free(): double free detected in tcache 2
Aborted (core dumped)
without sudo
# iptables -nL
free(): double free detected in tcache 2
Aborted (core dumped)
This bug is known and was fixed in version 1.8.8 of iptables
https://git.netfilter.org/iptables/commit/?id=4318961230bce82958df82b57f1796143bf2f421
1) The release of Ubuntu
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
2) The version of the package
$ apt info iptables
Package: iptables
Version: 1.8.7-1ubuntu5.1
3) What you expected to happen
not to crash with valid, working nftables rules
4) What happened instead
crash
A plausible workaround could be a backport of iptables 1.8.9 from mantic
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: iptables 1.8.7-1ubuntu5.1
ProcVersionSignature: Ubuntu 5.15.0-91.101-generic 5.15.131
Uname: Linux 5.15.0-91-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: pass
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Sun Jan 14 20:36:59 2024
InstallationDate: Installed on 2021-11-23 (782 days ago)
InstallationMedia: Ubuntu-Server 20.04.3 LTS "Focal Fossa" - Release amd64 (20210824)
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: iptables
UpgradeStatus: Upgraded to jammy on 2023-04-30 (259 days ago)
** Affects: iptables (Ubuntu)
Importance: Undecided
Status: Fix Released
** Affects: iptables (Ubuntu Jammy)
Importance: Undecided
Status: Confirmed
** Tags: amd64 apport-bug jammy uec-images
--
[SRU] free(): double free detected in tcache 2
https://bugs.launchpad.net/bugs/2049318
You received this bug notification because you are a member of Ubuntu Sponsors, which is subscribed to the bug report.
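
The ownership mistake described under "Where problems could occur", modeled in C as an added example (not part of the bug report or the iptables source). chain_release(), cache_add_chain() and the add_chain_* callers are hypothetical stand-ins, and a release counter replaces free() so the second release can be counted instead of aborting the process.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a chain object: a counter replaces real
 * malloc/free so a double release is observable without aborting. */
struct chain { char name[32]; int releases; };

static void chain_release(struct chain *c) { c->releases++; }

/* Models the contract described in the report: on error the callee
 * releases the chain itself and returns nonzero. */
static int cache_add_chain(struct chain *c, const char *existing)
{
    if (strcmp(c->name, existing) == 0) {   /* constructed failure case */
        chain_release(c);
        return -1;
    }
    return 0;                               /* the cache now owns the chain */
}

/* Before: the caller's error path releases the chain a second time. */
static int add_chain_buggy(struct chain *c, const char *existing)
{
    if (cache_add_chain(c, existing) != 0) {
        chain_release(c);                   /* second release: double free */
        return -1;
    }
    return 0;
}

/* After: the caller's error path is removed; the callee already cleaned up. */
static int add_chain_fixed(struct chain *c, const char *existing)
{
    return cache_add_chain(c, existing);
}

/* Returns how many times the chain was released on the failing path. */
static int releases_on_error(int (*add)(struct chain *, const char *))
{
    struct chain c = { "INPUT", 0 };
    add(&c, "INPUT");
    return c.releases;
}

int main(void)
{
    printf("buggy: %d releases, fixed: %d release\n",
           releases_on_error(add_chain_buggy),
           releases_on_error(add_chain_fixed));
    return 0;
}
```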