From owner-freebsd-bugs@FreeBSD.ORG Sun Jan 30 02:40:25 2005
Message-Id: <200501300236.j0U2aStG078296@limbic.kloepfer.org>
Date: Sat, 29 Jan 2005 20:36:28 -0600 (CST)
From: Gil Kloepfer
To: FreeBSD-gnats-submit@FreeBSD.org
cc: fgil@limbic.kloepfer.org
Subject: bin/76839: natd coredumps with -reverse due to bug in libalias
Reply-To: Gil Kloepfer

>Number: 76839
>Category: bin
>Synopsis: natd coredumps with -reverse due to bug in libalias
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 30 02:40:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Gil Kloepfer
>Release: FreeBSD 5.3-RELEASE i386
>Organization: Self
>Environment:
System: FreeBSD limbic.kloepfer.org 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Sat Nov 27 18:52:35 CST 2004 fgil@limbic.kloepfer.org:/sysbuild/src/sys/i386/compile/DELLDIM i386

5.3-RELEASE as described in System above, will fail in any environment.
>Description:
natd core dumps when -reverse switch is used because of a bug in libalias.

In /usr/src/lib/libalias/alias.c, the functions LibAliasIn and LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut instead of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE option is set. In this case, the context variable "la" gets lost because the legacy compatibility routines expect "la" to be global. This was obviously an oversight when rewriting the PacketAlias* functions to the LibAlias* functions.

The fix (as shown in the patch below) is to remove the legacy subroutine calls and replace with the new ones using the "la" struct as the first arg.
>How-To-Repeat:
use natd with the -reverse option, although this will fail in any application using the LibAlias functions with the PKT_ALIAS_REVERSE option set.
>Fix: --- src/lib/libalias/alias.c.ORIG Sat Aug 14 09:21:09 2004 +++ src/lib/libalias/alias.c Sat Jan 29 20:19:42 2005 @@ -1170,7 +1170,7 @@ if (la->packetAliasMode & PKT_ALIAS_REVERSE) { la->packetAliasMode &= ~PKT_ALIAS_REVERSE; - iresult = PacketAliasOut(ptr, maxpacketsize); + iresult = LibAliasOut(la, ptr, maxpacketsize); la->packetAliasMode |= PKT_ALIAS_REVERSE; return (iresult); } @@ -1264,7 +1264,7 @@ if (la->packetAliasMode & PKT_ALIAS_REVERSE) { la->packetAliasMode &= ~PKT_ALIAS_REVERSE; - iresult = PacketAliasIn(ptr, maxpacketsize); + iresult = LibAliasIn(la, ptr, maxpacketsize); la->packetAliasMode |= PKT_ALIAS_REVERSE; return (iresult); } >Release-Note: >Audit-Trail: >Unformatted:
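Review bot: In the @@ -1170 hunk, the lines around the changed call clear PKT_ALIAS_REVERSE in la->packetAliasMode, call the opposite-direction routine, and set the bit again afterwards. Now that the context is passed explicitly, that temporary flag flip is the remaining shared state on this path: anything else using the same la while the call is in progress would see the mode with the reverse bit cleared. A short comment above the block stating that a single la must not be used concurrently (or that callers must serialize) would make the assumption explicit.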
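Review bot: The @@ -1264 hunk repeats by hand the same substitution made at -1170, which suggests the legacy PacketAliasIn/PacketAliasOut prototypes are still visible inside alias.c and the compiler accepted the wrong call without complaint. Before committing, search the LibAlias* functions in this file for any other remaining PacketAlias* call, since each one would lose the la context in the way the report describes. The replacement itself passes ptr and maxpacketsize through unchanged and still returns iresult, so the return path looks correct.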