Date: Sun, 9 Aug 2009 15:53:12 -0400 (EDT)
From: Rick Macklem
To: Thomas Backman
Cc: FreeBSD current
Subject: Re: nmap UDP scan against 8.0-CURRENT -> fatal trap 12

On Sun, 9 Aug 2009, Thomas Backman wrote:

[stuff snipped]
>> --- xdr/xdr_mbuf.c.sav 2009-08-07 15:02:35.000000000 -0400 >> +++ xdr/xdr_mbuf.c 2009-08-07 15:03:04.000000000 -0400 >> @@ -282,6 +282,8 @@ >> size_t available; >> char *p; >> >> + if (!m) >> + return (0); >> if (xdrs->x_op == XDR_ENCODE) { >> available = M_TRAILINGSPACE(m) + (m->m_len - xdrs->x_handy); >> } else { >>
>
> Initial results are certainly good! :-)
> Pre-patch, it panicked three times in a row, as I said within a few seconds.
> Post-patch I've looped the simpler scan for a while (10 minutes, or about 8-9
> runs) with no crash, and I also ran the more extensive one (which I doubt
> makes any difference...) once.
> Just for fun, I tried actually using nfsd while looping the scan, too. No
> problems.
>

Ok, sounds good. It's already in the re@ queue, so it should make it into 8.0.

If it does crap out again, please let the list (and me) know.

Thanks for testing the patch, rick

ps: Thanks mostly goes to pho@ for his "wicked" test scripts that found the crash that the above patch fixes + a bunch of others.
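
Review bot: the new `if (!m)` check placed ahead of the `xdrs->x_op == XDR_ENCODE` branch carries no comment explaining how `m` can be NULL at this point, so a later reader cannot tell whether a NULL mbuf is an expected input or the symptom of an earlier error that is now silently absorbed. A one-line comment naming the condition would help, and it is worth confirming that every caller treats the `return (0)` as a failure rather than continuing with the stream. As a style point, an explicit `if (m == NULL)` reads more clearly for a pointer test than `if (!m)`. The placement itself looks right, since the check comes before the first uses of `m` in `M_TRAILINGSPACE(m)` and `m->m_len`.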