[SRU] free(): double free detected in tcache 2
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
iptables (Ubuntu) | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Graham Inggs |
Bug Description
[ Impact ]
iptables is unable to list or save the iptables rules if an nftables ruleset is defined which iptables does not recognize.
[ Test Plan ]
1. Simple test plan based on upstream test case:
sudo nft -f - <<EOF
table ip filter {
    chain INPUT {
    }
    chain x {
    }
}
EOF
sudo iptables -L
2. A more complicated test plan
* Add an iptables rule.
- sudo iptables -A OUTPUT -p tcp --dport 9999 -j REJECT
* Save the rules in a file
- sudo iptables-save > rules.txt
* Convert the rule to an nftables ruleset
- sudo iptables-
* List the nftables ruleset
- sudo nft list ruleset
* Also confirm that iptables can list the old rule
- sudo iptables -L
* Now add another nftables rule (this rule is taken from upstream test case)
sudo nft -f - <<EOF
table ip filter {
    chain INPUT {
    }
    chain x {
    }
}
EOF
* List the nftables ruleset, which will print the old rule and the new rule
- sudo nft list ruleset
* Try printing the old iptables rule
- sudo iptables -L
Without the fixed packages, both tests will now abort with a double free.
$ sudo iptables -L
free(): double free detected in tcache 2
Aborted
[ Where problems could occur ]
* This is an upstream patch which is only removing an error path when nft_cache_
[ Other Info ]
* The regression was introduced in v1.8.7 and has been fixed via v1.8.8 so only Jammy is affected.
[ Original Bug Description ]
nftables is being used successfully with no difficulty.
Running iptables on my node receives a crash:
$ sudo iptables -nL
free(): double free detected in tcache 2
Aborted (core dumped)
without sudo
# iptables -nL
free(): double free detected in tcache 2
Aborted (core dumped)
This bug is known and was fixed in version 1.8.8 of iptables https:/
1) The release of Ubuntu
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
2) The version of the package
$ apt info iptables
Package: iptables
Version: 1.8.7-1ubuntu5.1
3) What you expected to happen
not to crash with valid, working nftables rules
4) What happened instead
crash
A plausible workaround could be a backport of iptables 1.8.9 from mantic
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: iptables 1.8.7-1ubuntu5.1
ProcVersionSign
Uname: Linux 5.15.0-91-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
CloudArchitecture: x86_64
CloudID: none
CloudName: none
CloudPlatform: none
CloudSubPlatform: config
Date: Sun Jan 14 20:36:59 2024
InstallationDate: Installed on 2021-11-23 (782 days ago)
InstallationMedia: Ubuntu-Server 20.04.3 LTS "Focal Fossa" - Release amd64 (20210824)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: iptables
UpgradeStatus: Upgraded to jammy on 2023-04-30 (259 days ago)
Changed in iptables (Ubuntu Jammy):
status: New → In Progress
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in iptables (Ubuntu):
status: New → Fix Released
Changed in iptables (Ubuntu Jammy):
assignee: nobody → Graham Inggs (ginggs)
status: Confirmed → In Progress
I can reproduce the segfault in Jammy using the testcase that upstream has added. Also tested on other releases to confirm they are not affected.
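Test plan 1 as a script, added here as an example and not part of the bug report or the iptables packaging: it loads the ruleset inside a throwaway network namespace so the host's rules are untouched, then classifies the `iptables -L` result. The function names, the use of `unshare -n` and running as root are assumptions of this example.

```shell
#!/bin/sh
# Added example: scripted form of test plan 1, run in a scratch network namespace.
# Assumptions (not from the report): util-linux `unshare`, root, made-up function names.

# Ruleset from test plan 1.
RULESET='table ip filter {
	chain INPUT {
	}
	chain x {
	}
}'

# Map `iptables -V` output to the backend; only the nf_tables backend reads nft rules.
backend_of() {
	case "$1" in
		*"(nf_tables)"*) echo nft ;;
		*"(legacy)"*)    echo legacy ;;
		*)               echo unknown ;;
	esac
}

# Classify one `iptables -L` run from its exit status and captured output.
# 134 = 128 + SIGABRT(6); checked too, since the message may not reach the capture.
classify() {
	status=$1 stderr=$2
	case "$stderr" in
		*"double free detected"*) echo affected; return ;;
	esac
	case "$status" in
		0)   echo ok ;;
		134) echo affected ;;
		*)   echo inconclusive ;;
	esac
}

# Load the ruleset and list it with iptables inside a new netns, so the host
# ruleset is never touched; the namespace vanishes when the child exits.
run_check() {
	[ "$(backend_of "$(iptables -V)")" = nft ] || { echo "skipped: not iptables-nft"; return 2; }
	err=$(RULESET="$RULESET" unshare -n sh -c \
		'printf "%s\n" "$RULESET" | nft -f - && iptables -L >/dev/null' 2>&1)
	rc=$?
	verdict=$(classify "$rc" "$err")
	echo "iptables -L in scratch netns: exit=$rc verdict=$verdict"
	[ "$verdict" = ok ]
}

# Only touch the system when asked to: sudo sh check.sh run
if [ "${1:-}" = run ]; then run_check; fi
```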