Date: Sat, 30 Oct 1999 17:08:52 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Organization: http://www.security.nnov.ru
Message-ID: <19714.991030@SECURITY.NNOV.RU>
To: vulN-DEV@SECURITYFOCUS.COM, bugtraq@securityfocus.com
Cc: security@freebsd.org
Subject: FreeBSD listen() again
Sender: owner-freebsd-security@FreeBSD.ORG

Hello vulN-DEV@,

I wasn't right in defining the problem for backlog in listen(), as was correctly pointed out by Sebastian:

-=-=-=-=-
For some unknown reasons berkeley derived implementations multiply backlog with 1.5. (backlog = 5 will turn to 8 for example).
-=-=-=-=-

It seems the real queue length is counted as backlog + (backlog+1)>>1, which is why listen(sock, 1) will never work as it should. It will allow 2 connections to be established. This applies to both FreeBSD 2.2.x and 3.x, so the problem is even deeper.
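The behaviour described in the message above can be checked empirically on a host you administer. This is an added example, not code from the original post. It counts how many loopback connections complete while the listener never calls accept() and prints that next to the figure the post states. The names predicted_qlen and measure_qlen, the 300 ms handshake timeout, and the reading of the post's expression as backlog + ((backlog+1)>>1), which matches its 5 to 8 and 1 to 2 figures, are assumptions.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Queue length as the post states it, read as backlog + ((backlog + 1) >> 1). */
int predicted_qlen(int backlog) { return backlog + ((backlog + 1) >> 1); }

/* Hypothetical helper: connections completed with no accept(); -1 on setup failure. */
int measure_qlen(int backlog, int max_tries) {
    struct sockaddr_in a;
    socklen_t alen = sizeof a;
    int cfd[64], n = 0, total, lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks a free one */
    if (bind(lfd, (struct sockaddr *)&a, sizeof a) < 0 || listen(lfd, backlog) < 0 ||
        getsockname(lfd, (struct sockaddr *)&a, &alen) < 0) { close(lfd); return -1; }
    if (max_tries > 64) max_tries = 64;         /* cfd[] holds at most 64 clients */
    while (n < max_tries) {
        int err = 0, ok, fd = socket(AF_INET, SOCK_STREAM, 0);
        socklen_t elen = sizeof err;
        struct pollfd p = { fd, POLLOUT, 0 };
        if (fd < 0) break;
        fcntl(fd, F_SETFL, O_NONBLOCK);
        ok = connect(fd, (struct sockaddr *)&a, sizeof a) == 0;
        if (!ok && errno == EINPROGRESS) /* handshake must finish within 300 ms */
            ok = poll(&p, 1, 300) == 1 &&
                 getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &elen) == 0 && err == 0;
        if (!ok) { close(fd); break; }
        cfd[n++] = fd; /* keep it open so it stays in the listen queue */
    }
    total = n;
    while (n > 0) close(cfd[--n]);
    close(lfd);
    return total;
}

int main(void) {
    for (int b = 1; b <= 5; b++)
        printf("backlog=%d stated=%d measured=%d\n", b, predicted_qlen(b), measure_qlen(b, 32));
    return 0;
}
```

The measured column depends on the kernel it runs on, so a difference from the stated column shows how that system sizes its queue, not an error in the program.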