From owner-freebsd-bugs@FreeBSD.ORG  Sun Jul 19 02:10:02 2009
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0FE9B1065686
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 19 Jul 2009 02:10:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id C4E358FC13
	for <freebsd-bugs@hub.freebsd.org>;
	Sun, 19 Jul 2009 02:10:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n6J2A13P077107
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 19 Jul 2009 02:10:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n6J2A1cQ077106;
	Sun, 19 Jul 2009 02:10:01 GMT (envelope-from gnats)
Resent-Date: Sun, 19 Jul 2009 02:10:01 GMT
Resent-Message-Id: <200907190210.n6J2A1cQ077106@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Aragon Gouveia <aragon@phat.za.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 825281065670
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 19 Jul 2009 02:02:41 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 7081E8FC08
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun, 19 Jul 2009 02:02:41 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n6J22dJd003789
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 19 Jul 2009 02:02:39 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n6J22dqo003788;
	Sun, 19 Jul 2009 02:02:39 GMT (envelope-from nobody)
Message-Id: <200907190202.n6J22dqo003788@www.freebsd.org>
Date: Sun, 19 Jul 2009 02:02:39 GMT
From: Aragon Gouveia <aragon@phat.za.net>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: misc/136893: ppp(8) crashing with port 65535 in "nat port"
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2009 02:10:02 -0000


>Number:         136893
>Category:       misc
>Synopsis:       ppp(8) crashing with port 65535 in "nat port"
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 19 02:10:01 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Aragon Gouveia
>Release:        8.0-BETA1
>Organization:
>Environment:
FreeBSD soek.geek.sh 8.0-BETA1 FreeBSD 8.0-BETA1 #0: Sat Jul 18 01:46:02 SAST 2009     root@fuzz.geek.sh:/usr/obj/nanobsd.soek/i386/usr/src/sys/SOEK  i386
>Description:
I'm using ppp(8) to run a PPPoE session to my ISP.  I've noticed by accident that configuring it to redirect port 65535 with the "nat port" config option causes ppp to consume an ever increasing amount of memory during start up, eventually being killed by the kernel.
>How-To-Repeat:
add "nat port tcp 1.2.3.4:65535 65535" to ppp.conf

>Fix:
A variable that's the condition of a while loop is overflowing.  Quick fix:


--- usr.sbin/ppp/nat_cmd.c.orig	2009-07-19 03:50:27.000000000 +0200
+++ usr.sbin/ppp/nat_cmd.c	2009-07-19 03:50:20.000000000 +0200
@@ -184,6 +184,7 @@
                       error);
         return 1;
       }
+      if (laliasport == 65535) break;
       llocalport++;
       laliasport++;
       if (hremoteport)


>Release-Note:
>Audit-Trail:
>Unformatted: