From patchwork Tue May 29 14:16:44 2018
X-Patchwork-Submitter: Florian Westphal
X-Patchwork-Id: 922139
X-Patchwork-Delegate: pablo@netfilter.org
From: Florian Westphal
To:
Cc: Florian Westphal
Subject: [PATCH nft] tests: shell: add crash reproducer
Date: Tue, 29 May 2018 16:16:44 +0200
Message-Id: <20180529141644.25978-1-fw@strlen.de>
X-Mailer: git-send-email 2.16.1
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

Two reports point to a crash in nft when 'flush' is provided on existing ruleset. In that case, nft will crash with a null-ptr dereference.

"evaluate: do not inconditionally update cache from flush command" causes the commit to fail due to a cache inconsistency, we then trip over NULL location->indesc.

Cause of 2nd bug not known yet, not sure how to fix cache issue either, so only adding reproducer so this can be fixed later.

Without erec bug, the (erroneous) error message would be

Could not process rule: File exists

Reported-by: Oleksandr Natalenko
Reported-by: Timothy Redaelli
Signed-off-by: Florian Westphal
--- tests/shell/testcases/cache/0001_cache_handling_0 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/shell/testcases/cache/0001_cache_handling_0 b/tests/shell/testcases/cache/0001_cache_handling_0 index 20c19117033d..77afdf8d9072 100755 --- a/tests/shell/testcases/cache/0001_cache_handling_0 +++ b/tests/shell/testcases/cache/0001_cache_handling_0 @@ -16,6 +16,10 @@ table inet test { set -e $NFT -f - <<< $RULESET +TMP=$(mktemp) +echo "$RULESET" >> "$TMP" +$NFT "flush ruleset;include \"$TMP\"" +rm -f "$TMP" rule_handle=$($NFT list ruleset -a | awk '/saddr/{print $NF}') $NFT delete rule inet test test handle $rule_handle $NFT delete set inet test test
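Review bot: The temporary file leaks on exactly the runs this reproducer is meant to catch. `set -e` is in effect just above the added lines, so when `$NFT "flush ruleset;include \"$TMP\""` fails or crashes, the script exits before `rm -f "$TMP"` is reached. Registering the cleanup right after `TMP=$(mktemp)`, for example with `trap 'rm -f "$TMP"' EXIT`, would remove the file on both the passing and the failing path and lets the trailing `rm -f "$TMP"` go. A smaller style point on the `echo "$RULESET" >> "$TMP"` line: the file was just created by `mktemp`, so a plain `>` says what is meant and does not depend on the file being empty.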