Date: Sun, 2 Jul 1995 20:41:04 +0100 (BST) From: Karl Strickland <karl@bagpuss.demon.co.uk> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: joerg@freefall.cdrom.com, CVS-commiters@freefall.cdrom.com, cvs-sys@freefall.cdrom.com Subject: Re: cvs commit: src/sys/netinet ip_output.c Message-ID: <199507021941.UAA05771@bagpuss.demon.co.uk> In-Reply-To: <199507020733.AAA15991@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Jul 2, 95 00:33:07 am
next in thread | previous in thread | raw e-mail | index | archive | help
>
> >
> > joerg 95/07/01 12:09:41
> >
> > Modified: sys/netinet ip_output.c
> > Log:
> > I saw a very low-key commit message on the netbsd mailing lists and
> > figured out what the problem was.. Anyway, I rate it as "highly
> > serious".
>
> That is ``where'' it came from, there should be an annotation about
> ``what'' it changed, and normally ``why'', we should not try to hide
> holes that crash systems from our uses, they need to know about them.
>
> > Submitted by: peter@haywire.DIALix.COM (Peter Wemm)
> >
>
Seems a program such as the following can cause a crash with a NULL ptr
dereference:
main()
{
int s;
s = socket(AF_INET, SOCK_STREAM, 0);
setsockopt(s, IPPROTO_IP, IP_TOS, NULL, 0);
}
For some of the new IP options in net/3, the NULL mbuf ptr is not checked for
before it is dereferenced.
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507021941.UAA05771>