Bug 743232

Summary:	iptables prints stacktrace when trying to reference named chains > 28 chars
Product:	Red Hat Enterprise Linux 6	Reporter:	Florian Crouzat <gentoo>
Component:	iptables	Assignee:	Thomas Woerner <twoerner>
Status:	CLOSED DUPLICATE	QA Contact:	qe-baseos-daemons
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	6.0	CC:	pasteur
Target Milestone:	rc
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:	1.4.10	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2012-09-17 13:33:44 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Florian Crouzat 2011-10-04 10:21:27 UTC

Apparently there is a builtin #define somewhere to limit named chain up to 30 chars. This works just fine when /creating/ a chain, but the test condition fails and iptables crashes with a stacktrace when trying to /reference/ named chains of 29 and 30 chars.

Affected products: iptables.1.4.7-3.el6 and iptables.1.4.7-4.el6

Reproducible: always.

Steps to Reproduce:

1. Try to create 4 named chains, {28..31} chars long:

# iptables -N $(for((i=0;i<28;i++));do printf "%s" "a";done) && echo ok || echo ko
ok

# iptables -N $(for((i=0;i<29;i++));do printf "%s" "b";done) && echo ok || echo ko
ok

# iptables -N $(for((i=0;i<30;i++));do printf "%s" "c";done) && echo ok || echo ko
ok

# iptables -N $(for((i=0;i<31;i++));do printf "%s" "d";done) && echo ok || echo ko
iptables v1.4.7: chain name `ddddddddddddddddddddddddddddddd' too long (must
be under 30 chars)
Try `iptables -h' or 'iptables --help' for more information.
ko

2. Ok, now try to reference the 28,29 and 30 chars long named chains:

# iptables -I INPUT -j aaaaaaaaaaaaaaaaaaaaaaaaaaaa && echo ok || echo ko
ok

# iptables -I INPUT -j bbbbbbbbbbbbbbbbbbbbbbbbbbbbb && echo ok || echo ko
<stacktrace>
ko

# iptables -I INPUT -j cccccccccccccccccccccccccccccc && echo ok || echo ko
<stacktrace>
ko


As you can see, iptables lets you create up to =30 chars long named chain but fails at referencing 29 and 30 chars long ones. Here is the complete stacktrace for the =30chars named chain:

[root@foo ~]# n='cccccccccccccccccccccccccccccc'
[root@foo ~]# echo -n $n | wc
      0       1      30
[root@foo ~]# iptables -N $n
[root@foo ~]# iptables -I INPUT -j $n
*** buffer overflow detected ***: iptables terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3f5cefb467]
/lib64/libc.so.6[0x3f5cef9360]
iptables(do_command+0x1a4e)[0x40824e]
iptables(iptables_main+0x4c)[0x40519c]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x3f5ce1ec5d]
iptables[0x4025f9]
======= Memory map: ========
00400000-0040d000 r-xp 00000000 fd:00 4781                               /sbin/iptables-multi
0060c000-0060d000 rw-p 0000c000 fd:00 4781                               /sbin/iptables-multi
0060d000-00673000 rw-p 00000000 00:00 0
0080c000-0080e000 rw-p 0000c000 fd:00 4781                               /sbin/iptables-multi
01eb5000-01ed6000 rw-p 00000000 00:00 0                                  [heap]
3f5c600000-3f5c61e000 r-xp 00000000 fd:00 15474                          /lib64/ld-2.12.so
3f5c81e000-3f5c81f000 r--p 0001e000 fd:00 15474                          /lib64/ld-2.12.so
3f5c81f000-3f5c820000 rw-p 0001f000 fd:00 15474                          /lib64/ld-2.12.so
3f5c820000-3f5c821000 rw-p 00000000 00:00 0
3f5ca00000-3f5ca02000 r-xp 00000000 fd:00 22774                          /lib64/libdl-2.12.so
3f5ca02000-3f5cc02000 ---p 00002000 fd:00 22774                          /lib64/libdl-2.12.so
3f5cc02000-3f5cc03000 r--p 00002000 fd:00 22774                          /lib64/libdl-2.12.so
3f5cc03000-3f5cc04000 rw-p 00003000 fd:00 22774                          /lib64/libdl-2.12.so
3f5ce00000-3f5cf75000 r-xp 00000000 fd:00 22772                          /lib64/libc-2.12.so
3f5cf75000-3f5d175000 ---p 00175000 fd:00 22772                          /lib64/libc-2.12.so
3f5d175000-3f5d179000 r--p 00175000 fd:00 22772                          /lib64/libc-2.12.so
3f5d179000-3f5d17a000 rw-p 00179000 fd:00 22772                          /lib64/libc-2.12.so
3f5d17a000-3f5d17f000 rw-p 00000000 00:00 0
3f5d200000-3f5d207000 r-xp 00000000 fd:00 8149                           /lib64/libxtables.so.4.0.0
3f5d207000-3f5d407000 ---p 00007000 fd:00 8149                           /lib64/libxtables.so.4.0.0
3f5d407000-3f5d408000 rw-p 00007000 fd:00 8149                           /lib64/libxtables.so.4.0.0
3f5d600000-3f5d606000 r-xp 00000000 fd:00 6966                           /lib64/libip4tc.so.0.0.0
3f5d606000-3f5d805000 ---p 00006000 fd:00 6966                           /lib64/libip4tc.so.0.0.0
3f5d805000-3f5d806000 rw-p 00005000 fd:00 6966                           /lib64/libip4tc.so.0.0.0
3f5de00000-3f5de83000 r-xp 00000000 fd:00 22783                          /lib64/libm-2.12.so
3f5de83000-3f5e082000 ---p 00083000 fd:00 22783                          /lib64/libm-2.12.so
3f5e082000-3f5e083000 r--p 00082000 fd:00 22783                          /lib64/libm-2.12.so
3f5e083000-3f5e084000 rw-p 00083000 fd:00 22783                          /lib64/libm-2.12.so
3f61200000-3f61216000 r-xp 00000000 fd:00 8597                           /lib64/libgcc_s-4.4.4-20100726.so.1
3f61216000-3f61415000 ---p 00016000 fd:00 8597                           /lib64/libgcc_s-4.4.4-20100726.so.1
3f61415000-3f61416000 rw-p 00015000 fd:00 8597                           /lib64/libgcc_s-4.4.4-20100726.so.1
7f2e82755000-7f2e82756000 r-xp 00000000 fd:00 4856                       /lib64/xtables/libxt_standard.so
7f2e82756000-7f2e82955000 ---p 00001000 fd:00 4856                       /lib64/xtables/libxt_standard.so
7f2e82955000-7f2e82956000 rw-p 00000000 fd:00 4856                       /lib64/xtables/libxt_standard.so
7f2e82956000-7f2e8295a000 rw-p 00000000 00:00 0
7f2e82963000-7f2e82964000 rw-p 00000000 00:00 0
7fff4568b000-7fff456a0000 rw-p 00000000 00:00 0                          [stack]
7fff45766000-7fff45767000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Abandon

Comment 2 RHEL Program Management 2011-10-04 10:49:03 UTC

This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 3 Florian Crouzat 2012-04-19 10:05:54 UTC

Fixed upstream in version 1.4.10:
* http://bugzilla.netfilter.org/show_bug.cgi?id=643

Comment 4 Thomas Woerner 2012-09-17 13:33:44 UTC


*** This bug has been marked as a duplicate of bug 821441 ***