Package: nftables
Version: 0.9.8-3.1+deb11u2
Severity: important

Upon running `nft -f file.nft`, where `file.nft` specifies the same table at least twice, and a named set or map is defined in the second (or later) table specification, a segmentation fault is caused.
The specified ruleset appears to be correctly applied regardless.

Example `file.nft`:
---
table inet t0 {
}
table inet t0 {
	set s0 {
		type inet_service
		elements = { 42 }
	}
}
---

Note that both a named set and a named map definition cause the segfault, while a (similarly simple) chain definition does not.

The only error message printed is "Segmentation fault\n".

Note that this causes nftables.service to fail if `/etc/nftables.conf` contains such configuration (but the ruleset appears to be applied).

I cannot reproduce the bug with the preceding package version, 0.9.8-3.1+deb11u1, nor on Debian 12 Bookworm (nftables 1.0.6-2+deb12u2).

-- System Information:
Debian Release: 11.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-28-amd64 (SMP w/2 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  dpkg          1.20.13
ii  libc6         2.31-13+deb11u8
ii  libedit2      3.1-20191231-2+b1
ii  libnftables1  0.9.8-3.1+deb11u2

nftables recommends no packages.

Versions of packages nftables suggests:
pn  firewalld  <none>

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information
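
A pre-flight check for the condition described in the report above, added here as an example; it is not part of the original report or of nftables. It scans a ruleset file for a named set or map defined in a second-or-later block of the same table, so an affected `/etc/nftables.conf` can be found before `nftables.service` fails on it. The function name `find_risky_redeclarations` and the simplified tokenizer are assumptions of this example: only the block form `table [family] name { ... }` is recognised and `include` files are not followed.

```python
import re
import sys

# Constructed sample: the reproducer quoted in the report.
REPRODUCER = """
table inet t0 {
}
table inet t0 {
    set s0 {
        type inet_service
        elements = { 42 }
    }
}
"""

TOKEN = re.compile(r'"[^"]*"|[{}]|[^\s{};]+')

def find_risky_redeclarations(text):
    """Return (family, table, kind, name) for every named set or map that is
    defined in a second-or-later block of an already declared table."""
    tokens = TOKEN.findall(re.sub(r"#[^\n]*", "", text))  # drop comments
    seen, findings = set(), []
    depth, current, repeat = 0, None, False
    for i, tok in enumerate(tokens):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        elif depth == 0 and tok == "table":
            # Block form only: "table [family] name {"; family defaults to ip.
            if tokens[i + 2:i + 3] == ["{"]:
                current = ("ip", tokens[i + 1])
            elif tokens[i + 3:i + 4] == ["{"]:
                current = (tokens[i + 1], tokens[i + 2])
            else:
                current = None  # e.g. "delete table ..." or a bare "table x"
            repeat = current in seen
            if current:
                seen.add(current)
        elif depth == 1 and repeat and tok in ("set", "map"):
            # depth 1 is directly inside a table, so "set" in a rule is ignored
            if tokens[i + 2:i + 3] == ["{"]:
                findings.append(current + (tok, tokens[i + 1]))
    return findings

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else REPRODUCER
    for family, table, kind, name in find_risky_redeclarations(src):
        print(f"{family} {table}: {kind} {name} defined in a repeated table block")
```
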