bin/76839: natd coredumps with -reverse due to bug in libalias

Gil Kloepfer fgil at kloepfer.org
Sat Jan 29 18:40:25 PST 2005 

>Number:         76839
>Category:       bin
>Synopsis:       natd coredumps with -reverse due to bug in libalias
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 30 02:40:07 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Gil Kloepfer
>Release:        FreeBSD 5.3-RELEASE i386
>Organization:
Self
>Environment:
System: FreeBSD limbic.kloepfer.org 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Sat Nov 27 18:52:35 CST 2004 fgil at limbic.kloepfer.org:/sysbuild/src/sys/i386/compile/DELLDIM i386

	5.3-RELEASE as described in System above, will fail
	in any environment.

>Description:

	natd core dumps when -reverse switch is used because of a bug
	in libalias.

	In /usr/src/lib/libalias/alias.c, the functions LibAliasIn
	and LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut
	instead of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE
	option is set.  In this case, the context variable "la" gets lost 
	because the legacy compatibility routines expect "la" to be global.
	This was obviously an oversight when rewriting the
	PacketAlias* functions to the LibAlias* functions.

	The fix (as shown in the patch below) is to remove the legacy
	subroutine calls and replace with the new ones using the
	"la" struct as the first arg.

>How-To-Repeat:

	use natd with the -reverse option, although this will
	fail in any application using the LibAlias functions with
	the PKT_ALIAS_REVERSE option set.

>Fix:

--- src/lib/libalias/alias.c.ORIG	Sat Aug 14 09:21:09 2004
+++ src/lib/libalias/alias.c	Sat Jan 29 20:19:42 2005
@@ -1170,7 +1170,7 @@
 
 	if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
 		la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
-		iresult = PacketAliasOut(ptr, maxpacketsize);
+		iresult = LibAliasOut(la, ptr, maxpacketsize);
 		la->packetAliasMode |= PKT_ALIAS_REVERSE;
 		return (iresult);
 	}
@@ -1264,7 +1264,7 @@
 
 	if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
 		la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
-		iresult = PacketAliasIn(ptr, maxpacketsize);
+		iresult = LibAliasIn(la, ptr, maxpacketsize);
 		la->packetAliasMode |= PKT_ALIAS_REVERSE;
 		return (iresult);
 	}
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list