From: Egoitz Aurrekoetxea Aurre
Date: Mon, 14 Feb 2011 11:36:25 +0100
To: freebsd-security@freebsd.org
Subject: Re: Recent full disclosure post - Local DOS

Hi all!,

I have seen the patch has been applied in releng_7_4, releng_8_2, stable, head... but not in releng_8_1 or releng_8_0... is it planned to be applied too on these branches??

Thanks a lot.
Bye!

On 03/02/2011, at 17:19, Egoitz Aurrekoetxea Aurre wrote:

> Hi all,
>
> So then, this just crashes in current?? else... is it known which kernel nic drivers cause this?. I have attempted to crash an 8.1-release on vmware fusion virtual machine without success...
>
> Thanks a lot!,
> Bye!
>
>
> On 31/01/2011, at 23:40, Lawrence Stewart wrote:
>
>> On 01/29/11 11:30, Christian Peron wrote:
>>> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
>>> [..]
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>>> --- tcp_usrreq.c (revision 218018) >>>> +++ tcp_usrreq.c (working copy) 
>>>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct = sockopt *s >>>> tp->t_flags |=3D TF_NOPUSH; >>>> else { >>>> tp->t_flags &=3D ~TF_NOPUSH; >>>> - error =3D tcp_output(tp); >>>> + if (TCPS_HAVEESTABLISHED(tp->t_state)) >>>> + error =3D tcp_output(tp); >>>> } >>>> INP_WUNLOCK(inp); >>>> break;
>>>
>>> I was thinking of correcting it the same way.. I might even do something
>>> like:
>>>
>>> else {
>>>         if (tp->t_flags & TF_NOPUSH) {
>>>                 tp->t_flags &= ~TF_NOPUSH;
>>>                 if (TCPS_HAVEESTABLISHED(tp->t_state))
>>>                         error = tcp_output(tp);
>>>         }
>>> }
>>>
>>> By default, this mask is not set.. so un-setting it and calling tcp_output()
>>> if it was not already set seems wasteful
>>
>> Apologies for tuning in late, but FWIW I concur and think the above
>> patch is appropriate.
>>
>> Cheers,
>> Lawrence
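
Review bot: The added TCPS_HAVEESTABLISHED(tp->t_state) guard in the else branch of the TF_NOPUSH handling in tcp_ctloutput() carries no comment saying why tcp_output(tp) has to be skipped until the connection is established, so a later cleanup could remove the check as redundant. A one-line comment above the if, stating that output is only attempted on established connections, would keep the intent visible. The branch also still clears TF_NOPUSH and attempts output when the flag was not set to begin with; testing tp->t_flags & TF_NOPUSH before clearing it would skip that work.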