From: Mark Murray
Date: Sun, 30 Jan 2011 09:55:00 +0000
Subject: Re: Add SHA-256/512 hash algorithm to crypt(3) (kern/124164)

David Magda writes:
> Is there any chance that kern/124164 [1] could be looked at? The
> included patch has been updated by KIMURA Yasuhiro for 8.1R, and so
> hopefully would be okay for 8.3R (and maybe even -CURRENT).

I've taken this. It will go in CURRENT first. 8.3 seems like a
reasonable later merge.

M
--
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160

From: David Magda
Date: Sun, 30 Jan 2011 11:27:08 -0500
Subject: Re: Add SHA-256/512 hash algorithm to crypt(3) (kern/124164)

On Jan 30, 2011, at 04:55, Mark Murray wrote:

> David Magda writes:
>> Is there any chance that kern/124164 [1] could be looked at? The
>> included patch has been updated by KIMURA Yasuhiro for 8.1R, and so
>> hopefully would be okay for 8.3R (and maybe even -CURRENT).
>
> I've taken this. It will go in CURRENT first. 8.3 seems like a
> reasonable later merge.

Awesome! Thanks.

From: Mark Murray
Date: Sun, 30 Jan 2011 21:22:00 +0000
Subject: Re: Add SHA-256/512 hash algorithm to crypt(3) (kern/124164)

David Magda writes:
> On Jan 30, 2011, at 04:55, Mark Murray wrote:
>
> > David Magda writes:
> >> Is there any chance that kern/124164 [1] could be looked at? The
> >> included patch has been updated by KIMURA Yasuhiro for 8.1R, and so
> >> hopefully would be okay for 8.3R (and maybe even -CURRENT).
> >
> > I've taken this. It will go in CURRENT first. 8.3 seems like a
> > reasonable later merge.
>
> Awesome! Thanks.

No problemo.

Just as a first cut, I'm going to "FreeBSD-ify" the code, to get it
up to our style(9) standards. Apart from stylistic issues, we already
have SHA256 and SHA512 in our libraries, and they don't have alignment
issues, so I'll use them instead. You've donated the code to "public
domain"; any objection if I make this a BSD 2-clause license with
FreeBSD as the copyright holder? Many places have weird problems with
the concept of "public domain", and 2-clause BSD is pretty darned close.

M
--
Mark R V Murray
Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open)
Pi: 132511160

From: David Magda
Date: Sun, 30 Jan 2011 16:37:40 -0500
Subject: Re: Add SHA-256/512 hash algorithm to crypt(3) (kern/124164)

On Jan 30, 2011, at 16:22, Mark Murray wrote:

> Just as a first cut, I'm going to "FreeBSD-ify" the code, to get it
> up to our style(9) standards. Apart from stylistic issues, we already
> have SHA256 and SHA512 in our libraries, and they don't have alignment
> issues, so I'll use them instead. You've donated the code to "public
> domain"; any objection if I make this a BSD 2-clause license with
> FreeBSD as the copyright holder? Many places have weird problems with
> the concept of "public domain", and 2-clause BSD is pretty darned close.

The patch and PR are not mine. I'm just an interested by-stander. :)

It was massaged for FreeBSD by KIMURA Yasuhiro (see PR). AFAICT, the public
domain part is from the code provided by Ulrich Drepper
(drepper-at-akkadia.org; his RH e-mail bounces):

http://www.akkadia.org/drepper/sha-crypt.html
http://www.akkadia.org/drepper/SHA-crypt.txt

Not sure which of the two would need to be contacted for the change:
one? both? RH as well?

(Open)Solaris is another project that incorporates the code if that
matters:

http://src.opensolaris.org/source/search?q=Drepper
http://arc.opensolaris.org/caselog/PSARC/2007/642/
http://mail.opensolaris.org/pipermail/security-discuss/2007-December/002070.html

Date: Mon, 31 Jan 2011 01:40:55 -0800
From: FreeBSD Security Officer
Reply-To: security-officer@freebsd.org
Subject: HEADS UP: FreeBSD 7.1 EoL coming soon

Hello Everyone,

On February 28th, FreeBSD 7.1 will reach its End of Life and will no longer
be supported by the FreeBSD Security Team. (This was initially scheduled to
occur today, but in light of the imminent arrival of FreeBSD 7.4 I decided
to push it back a month.) Users of FreeBSD 7.1 are strongly encouraged to
upgrade to either FreeBSD 7.3, FreeBSD 8.1, or the upcoming FreeBSD 7.4 or
8.2 within the next month.

The current supported branches and expected EoL dates are:

+---------------------------------------------------------------------+
|  Branch   |  Release   |  Type  |  Release date   |  Estimated EoL  |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_1 |7.1-RELEASE |Extended|January 4, 2009  |February 28, 2011|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_3 |7.3-RELEASE |Extended|March 23, 2010   |March 31, 2012   |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_4 |7.4-RELEASE |Extended|not yet          |release + 2 years|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_1 |8.1-RELEASE |Extended|July 23, 2010    |July 31, 2012    |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_8_2 |8.2-RELEASE |Normal  |not yet          |release + 1 year |
+---------------------------------------------------------------------+

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

Date: Mon, 31 Jan 2011 11:43:03 -0600
From: Tom Judge
Subject: Re: Recent full disclosure post - Local DOS

On 01/28/2011 01:27 PM, John Baldwin wrote:
> On Friday, January 28, 2011 12:38:22 pm Tom Judge wrote:
>> On 01/28/2011 11:09 AM, John Baldwin wrote:
>>> On Friday, January 28, 2011 11:08:37 am Tom Judge wrote:
>>>> On 01/28/2011 08:29 AM, Tom Judge wrote:
>>>>>
>>>>> Has anyone looked at this:
>>>>>
>>>>> [Full-disclosure] FreeBSD local denial of service - forced reboot
>>>>>
>>>>> http://lists.grok.org.uk/pipermail/full-disclosure/2011-January/078836.html
>>>>>
>>
>> Hi John,
>>
>> I can't repeat this with the code you sent. I tried this in a while (1)
>> loop and had 4 instances running without issue.
>
> Humm. That is the only setsockopt for TCP that can trigger a call to
> tcp_output().
>

Hi John,

I have just updated my test box to r218019. Without your patch the issue
is still present. With your patch it seems to be fine (It passed 100
iterations of the code in the post).

Tom

> I have a possible fix I'm just not sure if it is completely correct:
>
> Index: tcp_usrreq.c > =================================================================== > --- tcp_usrreq.c (revision 218018) > +++ tcp_usrreq.c (working copy)
> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct sockopt *s > tp->t_flags |= TF_NOPUSH; > else { > tp->t_flags &= ~TF_NOPUSH; > - error = tcp_output(tp); > + if (TCPS_HAVEESTABLISHED(tp->t_state)) > + error = tcp_output(tp); > } > INP_WUNLOCK(inp); > break; >

--
TJU13-ARIN

Date: Tue, 01 Feb 2011 09:40:19 +1100
From: Lawrence Stewart
Subject: Re: Recent full disclosure post - Local DOS

On 01/29/11 11:30, Christian Peron wrote:
> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
> [..]
>> =================================================================== >> --- tcp_usrreq.c (revision 218018) >> +++ tcp_usrreq.c (working copy)
>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct sockopt *s >> tp->t_flags |= TF_NOPUSH; >> else { >> tp->t_flags &= ~TF_NOPUSH; >> - error = tcp_output(tp); >> + if (TCPS_HAVEESTABLISHED(tp->t_state)) >> + error = tcp_output(tp); >> } >> INP_WUNLOCK(inp); >> break;
>
> I was thinking of correcting it the same way.. I might even do something
> like:
>
> else {
>         if (tp->t_flags & TF_NOPUSH) {
>                 tp->t_flags &= ~TF_NOPUSH;
>                 if (TCPS_HAVEESTABLISHED(tp->t_state))
>                         error = tcp_output(tp);
>         }
> }
>
> By default, this mask is not set.. so un-setting it and calling tcp_output()
> if it was not already set seems wasteful

Apologies for tuning in late, but FWIW I concur and think the above
patch is appropriate.

Cheers,
Lawrence

From: Egoitz Aurrekoetxea Aurre
Date: Thu, 3 Feb 2011 17:19:40 +0100
Subject: Re: Recent full disclosure post - Local DOS

Hi all,

So then, this just crashes in current?? else... is it known which kernel
nic drivers cause this?. I have attempted to crash an 8.1-release on
vmware fusion virtual machine without success...

Thanks a lot!,
Bye!

On 31/01/2011, at 23:40, Lawrence Stewart wrote:

> On 01/29/11 11:30, Christian Peron wrote:
>> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
>> [..]
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> --- tcp_usrreq.c (revision 218018) >>> +++ tcp_usrreq.c (working copy)
>>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct = sockopt *s >>> tp->t_flags |=3D TF_NOPUSH; >>> else { >>> tp->t_flags &=3D ~TF_NOPUSH; >>> - error =3D tcp_output(tp); >>> + if (TCPS_HAVEESTABLISHED(tp->t_state)) >>> + error =3D tcp_output(tp); >>> } >>> INP_WUNLOCK(inp); >>> break;
>>
>> I was thinking of correcting it the same way.. I might even do something
>> like:
>>
>> else {
>>         if (tp->t_flags & TF_NOPUSH) {
>>                 tp->t_flags &= ~TF_NOPUSH;
>>                 if (TCPS_HAVEESTABLISHED(tp->t_state))
>>                         error = tcp_output(tp);
>>         }
>> }
>>
>> By default, this mask is not set.. so un-setting it and calling tcp_output()
>> if it was not already set seems wasteful
>
> Apologies for tuning in late, but FWIW I concur and think the above
> patch is appropriate.
>
> Cheers,
> Lawrence
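
Review bot: the new TCPS_HAVEESTABLISHED(tp->t_state) guard in the else branch carries no comment saying why tcp_output() must not run on a connection that is not yet established; add a one-line comment above the if so a later cleanup does not drop the check. With the guard false, error is no longer assigned in this branch, so check that it is already 0 on entry (the visible lines do not show its initialisation). The branch also still clears TF_NOPUSH and reaches tcp_output() when the flag was never set; testing tp->t_flags & TF_NOPUSH first, as proposed in the thread, would skip that call.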