Date: Sun, 9 Aug 2009 15:53:12 -0400 (EDT)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Thomas Backman <serenity@exscape.org>
Cc: FreeBSD current <freebsd-current@freebsd.org>
Subject: Re: nmap UDP scan against 8.0-CURRENT -> fatal trap 12
Message-ID: <Pine.GSO.4.63.0908091546510.5263@muncher.cs.uoguelph.ca>
In-Reply-To: <00694EF2-9BBC-4733-91C7-A6AE973D8973@exscape.org>
References: <598778D3-AE7B-47AF-A4F9-0D832BC1A990@exscape.org>
 <Pine.GSO.4.63.0908091421360.18198@muncher.cs.uoguelph.ca>
 <00694EF2-9BBC-4733-91C7-A6AE973D8973@exscape.org>

On Sun, 9 Aug 2009, Thomas Backman wrote:

[stuff snipped]
>> --- xdr/xdr_mbuf.c.sav 2009-08-07 15:02:35.000000000 -0400 >> +++ xdr/xdr_mbuf.c 2009-08-07 15:03:04.000000000 -0400 >> @@ -282,6 +282,8 @@ >> size_t available; >> char *p; >> >> + if (!m) >> + return (0); >> if (xdrs->x_op == XDR_ENCODE) { >> available = M_TRAILINGSPACE(m) + (m->m_len - xdrs->x_handy); >> } else { >>
>
> Initial results are certainly good! :-)
> Pre-patch, it panicked three times in a row, as I said within a few seconds.
> Post-patch I've looped the simpler scan for a while (10 minutes, or about 8-9
> runs) with no crash, and I also ran the more extensive one (which I doubt
> makes any difference...) once.
> Just for fun, I tried actually using nfsd while looping the scan, too. No
> problems.
>
Ok, sounds good. It's already in the re@ queue, so it should make it into 8.0.

If it does crap out again, please let the list (and me) know.

Thanks for testing the patch, rick
ps: Thanks mostly goes to pho@ for his "wicked" test scripts that found
    the crash that the above patch fixes + a bunch of others.
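
Review bot: The added guard at the top of the quoted xdr/xdr_mbuf.c hunk tests a pointer with `if (!m)`; style(9) asks for an explicit comparison, so `if (m == NULL)` would be the preferred spelling. The guard also has no comment saying when `m` can legitimately be NULL at this point. The hunk does not show where `m` is assigned, so a one-line comment naming that condition would tell the next reader whether this is an expected end-of-data case or a defensive check. Placement is right: it sits ahead of both the `M_TRAILINGSPACE(m)` and `m->m_len` dereferences in the `XDR_ENCODE` branch and ahead of the `else` branch.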