From gil@kloepfer.org  Sun Jan 30 02:36:30 2005
Message-Id: <200501300236.j0U2aStG078296@limbic.kloepfer.org>
Date: Sat, 29 Jan 2005 20:36:28 -0600 (CST)
From: Gil Kloepfer <fgil@kloepfer.org>
Reply-To: Gil Kloepfer <fgil@kloepfer.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: fgil@limbic.kloepfer.org
Subject: natd coredumps with -reverse due to bug in libalias
X-Send-Pr-Version: 3.113
X-GNATS-Notify: ru

>Number:         76839
>Category:       bin
>Synopsis:       natd coredumps with -reverse due to bug in libalias
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    phk
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 30 02:40:07 GMT 2005
>Closed-Date:    Tue Apr 05 13:05:13 GMT 2005
>Last-Modified:  Tue Apr 05 13:05:13 GMT 2005
>Originator:     Gil Kloepfer
>Release:        FreeBSD 5.3-RELEASE i386
>Organization:
Self
>Environment:
System: FreeBSD limbic.kloepfer.org 5.3-RELEASE FreeBSD 5.3-RELEASE #1: Sat Nov 27 18:52:35 CST 2004 fgil@limbic.kloepfer.org:/sysbuild/src/sys/i386/compile/DELLDIM i386

	5.3-RELEASE as described in System above, will fail
	in any environment.

>Description:

	natd core dumps when -reverse switch is used because of a bug
	in libalias.

	In /usr/src/lib/libalias/alias.c, the functions LibAliasIn
	and LibAliasOutTry call the legacy PacketAliasIn/PacketAliasOut
	instead of LibAliasIn/LibAliasOut when the PKT_ALIAS_REVERSE
	option is set.  In this case, the context variable "la" gets lost 
	because the legacy compatibility routines expect "la" to be global.
	This was obviously an oversight when rewriting the
	PacketAlias* functions to the LibAlias* functions.

	The fix (as shown in the patch below) is to remove the legacy
	subroutine calls and replace them with the new ones, using the
	"la" struct as the first arg.

>How-To-Repeat:

	Use natd with the -reverse option, although this will
	fail in any application using the LibAlias functions with
	the PKT_ALIAS_REVERSE option set.

>Fix:

--- src/lib/libalias/alias.c.ORIG	Sat Aug 14 09:21:09 2004
+++ src/lib/libalias/alias.c	Sat Jan 29 20:19:42 2005
@@ -1170,7 +1170,7 @@
 
 	if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
 		la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
-		iresult = PacketAliasOut(ptr, maxpacketsize);
+		iresult = LibAliasOut(la, ptr, maxpacketsize);
 		la->packetAliasMode |= PKT_ALIAS_REVERSE;
 		return (iresult);
 	}
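Review bot: The clear and restore of PKT_ALIAS_REVERSE around the replaced call (the "la->packetAliasMode &= ~PKT_ALIAS_REVERSE;" and "|=" lines) has no comment, and with this change it is the only thing keeping the call from re-entering a reverse branch on the same "la". The other hunk shows the mirror-image branch handing off in the opposite direction, so a one-line comment above the "&=" line saying the flag is dropped to stop the two branches calling each other would protect it from a later cleanup.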
@@ -1264,7 +1264,7 @@
 
 	if (la->packetAliasMode & PKT_ALIAS_REVERSE) {
 		la->packetAliasMode &= ~PKT_ALIAS_REVERSE;
-		iresult = PacketAliasIn(ptr, maxpacketsize);
+		iresult = LibAliasIn(la, ptr, maxpacketsize);
 		la->packetAliasMode |= PKT_ALIAS_REVERSE;
 		return (iresult);
 	}
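Review bot: Nothing in this patch establishes that the PacketAliasIn call replaced in this hunk and the PacketAliasOut call in the previous one are the only legacy PacketAlias* calls left in alias.c. Please confirm with a search of src/lib/libalias for remaining PacketAlias* callers outside the compatibility wrappers, and consider adding a regression check that runs a LibAlias instance with PKT_ALIAS_REVERSE set, since the How-To-Repeat shows this path was never exercised.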
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->phk 
Responsible-Changed-By: ru 
Responsible-Changed-When: Sun Jan 30 11:02:32 GMT 2005 
Responsible-Changed-Why:  
The patch looks good. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76839 

From: "Nicolai Petri" <nicolai@catpipe.net>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/76839: natd coredumps with -reverse due to bug in libalias
Date: Wed, 02 Feb 2005 11:10:11 +0100

 This bug is reproducible here and the patch fixes the problem. This patch  
 should be applied to both 5-STABLE and 6-CURRENT.
 With regards to compatibility with alias_old there should be no weird  
 interactions because the pointers will also in that case be correct.
 
 ---
 Nicolai Petri
 capipe Systems
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Tue Apr 5 13:04:43 GMT 2005 
State-Changed-Why:  
Committed to -current, will be MFC'ed as soon as possible. 

>Unformatted:
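
The failure mode this PR describes, as an added example that is not part of the original report and is not libalias code: a context-passing function whose reverse branch calls a legacy wrapper that can only reach a file-scope global. All names (ctx, legacy_global, ctx_in, run_case) are hypothetical, the single-global layout of the legacy wrappers is an assumption taken from the description above, and the model returns an error where real code would dereference NULL.

```c
#include <stdio.h>

#define MODE_REVERSE   0x1	/* stands in for PKT_ALIAS_REVERSE */
#define ERR_NO_CONTEXT (-1)	/* model returns this where real code would dereference NULL */
struct ctx { int mode; int out_count; };	/* per-instance state, the role "la" plays */
/* Assumption (hypothetical names, not libalias code): the legacy wrappers
 * share one file-scope instance pointer that only a legacy init call sets. */
static struct ctx *legacy_global;
static struct ctx other_instance;	/* a second, unrelated instance */
static int last_result;			/* return value of the most recent run_case() */

static int ctx_out(struct ctx *c)
{
	if (c == NULL)
		return (ERR_NO_CONTEXT);
	c->out_count++;
	return (0);
}
/* Legacy entry point: no context argument, so it can only reach the global. */
static int legacy_out(void) { return (ctx_out(legacy_global)); }
/* Reverse-mode branch: use_legacy=1 is the pre-patch shape, 0 the patched shape. */
static int ctx_in(struct ctx *c, int use_legacy)
{
	int r = 0;
	if (c->mode & MODE_REVERSE) {
		c->mode &= ~MODE_REVERSE;
		r = use_legacy ? legacy_out() : ctx_out(c);
		c->mode |= MODE_REVERSE;
	}
	return (r);
}
/* One reverse-mode call on a fresh instance; returns that instance's out_count. */
static int run_case(int use_legacy, struct ctx *global)
{
	struct ctx mine = { MODE_REVERSE, 0 };
	legacy_global = global;
	last_result = ctx_in(&mine, use_legacy);
	return (mine.out_count);
}

int main(void)
{
	int n = run_case(1, NULL);
	printf("pre-patch, legacy never initialised: result=%d mine=%d\n", last_result, n);
	n = run_case(0, NULL);
	printf("patched: result=%d mine=%d\n", last_result, n);
	n = run_case(1, &other_instance);
	printf("pre-patch, legacy set elsewhere: mine=%d other=%d\n", n, other_instance.out_count);
	return (0);
}
```

In this model, the third case shows that when the global happens to be set, the pre-patch shape does not fail but updates a different instance than the one the caller passed.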
