Date:      Sun, 2 Jul 1995 20:41:04 +0100 (BST)
From:      Karl Strickland <karl@bagpuss.demon.co.uk>
To:        "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Cc:        joerg@freefall.cdrom.com, CVS-commiters@freefall.cdrom.com, cvs-sys@freefall.cdrom.com
Subject:   Re: cvs commit: src/sys/netinet ip_output.c
Message-ID:  <199507021941.UAA05771@bagpuss.demon.co.uk>
In-Reply-To: <199507020733.AAA15991@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Jul 2, 95 00:33:07 am

> 
> > 
> > joerg       95/07/01 12:09:41
> > 
> >   Modified:    sys/netinet  ip_output.c
> >   Log:
> >   I saw a very low-key commit message on the netbsd mailing lists and
> >   figured out what the problem was..  Anyway, I rate it as "highly
> >   serious".
> 
> That is ``where'' it came from, there should be an annotation about
> ``what'' it changed, and normally ``why'', we should not try to hide
> holes that crash systems from our users, they need to know about them.
> 
> >   Submitted by:	peter@haywire.DIALix.COM (Peter Wemm)
> > 
> 

Seems a program such as the following can cause a crash with a NULL ptr
dereference:


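	#include <sys/types.h>
	#include <sys/socket.h>
	#include <netinet/in.h>

	int main(void)
	{
		int s;
		s = socket(AF_INET, SOCK_STREAM, 0);
		/* NULL option value with zero length */
		setsockopt(s, IPPROTO_IP, IP_TOS, NULL, 0);
		return 0;
	}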

For some of the new IP options in net/3, the NULL mbuf ptr is not checked for
before it is dereferenced.
-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |
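
A user-space model of the missing check described in the message above, added here as an example; it is not the FreeBSD kernel source or the committed fix. The names `model_mbuf`, `model_pcb`, `model_ip_setopt` and the `MODEL_IP_*` numbers are hypothetical.

```c
/* User-space model with hypothetical names; not FreeBSD kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_IP_TOS 3          /* constructed option numbers for the model */
#define MODEL_IP_TTL 4

struct model_mbuf {             /* stand-in for the mbuf carrying the value */
    int  m_len;                 /* number of valid bytes in m_data */
    char m_data[16];
};

struct model_pcb {              /* stand-in for per-socket IP state */
    int tos;
    int ttl;
};

/* Set an integer-valued IP option. m is NULL when the caller supplied no
 * option value, which is the case the message describes. */
int model_ip_setopt(struct model_pcb *pcb, int optname,
                    const struct model_mbuf *m)
{
    int optval;

    /* Validate before any dereference: pointer first, then exact length. */
    if (m == NULL || m->m_len != (int)sizeof(int))
        return EINVAL;
    memcpy(&optval, m->m_data, sizeof(optval));
    if (optval < 0 || optval > 255)     /* both fields are one octet wide */
        return EINVAL;

    switch (optname) {
    case MODEL_IP_TOS: pcb->tos = optval; return 0;
    case MODEL_IP_TTL: pcb->ttl = optval; return 0;
    default:           return ENOPROTOOPT;
    }
}

int main(void)
{
    struct model_pcb pcb = { 0, 64 };
    int err = model_ip_setopt(&pcb, MODEL_IP_TOS, NULL);

    printf("NULL option value -> %s\n", err == EINVAL ? "EINVAL" : "accepted");
    return err == EINVAL ? 0 : 1;
}
```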


