From owner-freebsd-bugs Wed Feb 14 22:20:08 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 522A737B503 for ; Wed, 14 Feb 2001 22:20:01 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f1F6K1v55838; Wed, 14 Feb 2001 22:20:01 -0800 (PST) (envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id BA5FA37B4EC for ; Wed, 14 Feb 2001 22:15:04 -0800 (PST)
Received: (from nobody@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f1F6F4r54139; Wed, 14 Feb 2001 22:15:04 -0800 (PST) (envelope-from nobody)
Message-Id: <200102150615.f1F6F4r54139@freefall.freebsd.org>
Date: Wed, 14 Feb 2001 22:15:04 -0800 (PST)
From: jcole@3lefties.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/25107: natd (and others?) segfault caused by error in libalias
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         25107
>Category:       misc
>Synopsis:       natd (and others?) segfault caused by error in libalias
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 14 22:20:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Jerimiah Cole
>Release:        4.1-RELEASE
>Organization:
I-NET of New Mexico
>Environment:
FreeBSD waldo.3lefties.com 4.1-RELEASE FreeBSD 4.1-RELEASE #0: Fri Nov 3 16:12:21 MST 2000 root@waldo.3lefties.com:/usr/src/sys/compile/WALDO_JC-20001103 i386
>Description:
Line 2622 of alias_db.c in libalias declares a variable to hold "The first firewall entry free for our use" when poking holes in the firewall for ftp data and irc dcc connections. It's declared as int.

FreeBSD's ipfw firewall uses rule numbers up to 65535, so this variable should be declared as unsigned int. When natd is set up to use this feature and the firewall "base" number is greater than 32767, natd happily segfaults when an ftp data connection is natted, and natd tries to generate the firewall hole. I'm sure other software based on libalias is affected.
>How-To-Repeat:
Simply fire up natd with the -punch_fw basenumber:count option and the basenumber set greater than 32767 and try and establish an ftp data connection through the nat.
>Fix:
Change line 2622 of alias_db.c to read "unsigned int" instead of "int". Note also that natd uses an unsigned int internally and when passing the base value to libalias routines.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
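The following is an added illustration of the defect class this report describes (a firewall rule number that must span 0..65535 being carried in a signed type), not code from the PR, from libalias, or from natd. It does not reproduce what alias_db.c does at line 2622; `narrow_base_signed` is a constructed stand-in that narrows the base into a signed 16-bit slot so the sign flip is visible, while `punch_fw_range_ok` and `first_free_rule` show the shape of a check that keeps the rule number unsigned end to end, as the report's fix asks. `IPFW_MAX_RULE`, the `in_use` bitmap and the 40000:4 scenario are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ipfw rule numbers run up to 65535 (the report's premise). */
#define IPFW_MAX_RULE 65535u

/* Hypothetical "before": the -punch_fw base narrowed into a signed 16-bit
 * slot. A constructed stand-in for the signed/unsigned mismatch the PR
 * reports, not the actual libalias declaration. */
static int16_t narrow_base_signed(unsigned int base)
{
    return (int16_t)base; /* 40000 wraps to -25536 on two's-complement targets */
}

/* Validate a -punch_fw base:count range before deriving any rule number
 * from it: base within ipfw's range (0 is treated as invalid here, an
 * assumption of this example), count non-zero, and base+count not past
 * 65535, checked by subtraction so the sum itself cannot overflow. */
static bool punch_fw_range_ok(unsigned int base, unsigned int count)
{
    if (count == 0 || base == 0 || base > IPFW_MAX_RULE)
        return false;
    return count <= IPFW_MAX_RULE - base + 1;
}

/* Hardened "after": find the first free rule in [base, base+count).
 * in_use is a constructed bitmap indexed relative to base (in_use[i]
 * covers rule base+i). The rule number stays unsigned throughout.
 * Returns false, writing nothing, if the range is invalid or full. */
static bool first_free_rule(unsigned int base, unsigned int count,
                            const bool *in_use, unsigned int *rule)
{
    if (!punch_fw_range_ok(base, count))
        return false;
    for (unsigned int i = 0; i < count; i++) {
        if (!in_use[i]) {
            *rule = base + i;
            return true;
        }
    }
    return false;
}

/* Constructed scenario: natd started with -punch_fw 40000:4, with the
 * first two holes already taken by earlier sessions. */
static const bool demo_in_use[4] = { true, true, false, false };

/* Returns the first free rule for the scenario above, or 0 if none. */
static unsigned int demo_first_free(void)
{
    unsigned int rule = 0;
    if (!first_free_rule(40000u, 4u, demo_in_use, &rule))
        return 0;
    return rule;
}

int main(void)
{
    printf("base 40000 narrowed to int16_t: %d\n", narrow_base_signed(40000u));
    printf("first free rule for 40000:4: %u\n", demo_first_free());
    if (!punch_fw_range_ok(65500u, 100u))
        printf("65500:100 rejected: would run past rule 65535\n");
    return 0;
}
```

Any base above 32767 changes sign once it passes through the narrowing path, which is exactly the threshold the report observes; keeping the base, the count and the derived rule number unsigned, and bounds-checking the range once at the entry point, removes that path entirely.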