Date: Sun, 2 Jul 1995 20:41:04 +0100 (BST)
From: Karl Strickland <karl@bagpuss.demon.co.uk>
To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Cc: joerg@freefall.cdrom.com, CVS-commiters@freefall.cdrom.com, cvs-sys@freefall.cdrom.com
Subject: Re: cvs commit: src/sys/netinet ip_output.c
Message-ID: <199507021941.UAA05771@bagpuss.demon.co.uk>
In-Reply-To: <199507020733.AAA15991@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Jul 2, 95 00:33:07 am

>
> >
> > joerg       95/07/01 12:09:41
> >
> >   Modified:    sys/netinet ip_output.c
> >   Log:
> >   I saw a very low-key commit message on the netbsd mailing lists and
> >   figured out what the problem was..  Anyway, I rate it as "highly
> >   serious".
>
> That is ``where'' it came from, there should be an annotation about
> ``what'' it changed, and normally ``why'', we should not try to hide
> holes that crash systems from our users, they need to know about them.
>
> >   Submitted by: peter@haywire.DIALix.COM (Peter Wemm)
> >
>

Seems a program such as the following can cause a crash with a NULL ptr
dereference:

	#include <sys/types.h>
	#include <sys/socket.h>
	#include <netinet/in.h>

	int main(void)
	{
		int s;

		s = socket(AF_INET, SOCK_STREAM, 0);
		setsockopt(s, IPPROTO_IP, IP_TOS, NULL, 0);
		return 0;
	}

For some of the new IP options in net/3, the NULL mbuf ptr is not checked
for before it is dereferenced.

-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |
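
Added example, not part of the original message and not FreeBSD source: a user-space C model of the missing check the message describes, with the unchecked handler beside a checked one. struct optbuf, struct ipopts, the OPT_* numbers and the function names are hypothetical stand-ins for the kernel's option buffer and option handler.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the buffer carrying a socket option value;
 * a NULL pointer models setsockopt(..., NULL, 0). */
struct optbuf { size_t len; unsigned char data[16]; };
/* Hypothetical per-socket state for the integer-valued IP options. */
struct ipopts { int tos; int ttl; };
enum { OPT_TOS = 1, OPT_TTL = 2 };      /* constructed option numbers */

static int store(struct ipopts *o, int name, int v)
{
    switch (name) {
    case OPT_TOS: o->tos = v; return 0;
    case OPT_TTL: o->ttl = v; return 0;
    }
    return ENOPROTOOPT;
}

/* Unchecked form: reads m->len before asking whether m exists, so a
 * NULL option buffer faults on the first line. Kept for comparison. */
int set_opt_unchecked(struct ipopts *o, int name, const struct optbuf *m)
{
    int v;
    if (m->len != sizeof(int))
        return EINVAL;
    memcpy(&v, m->data, sizeof v);
    return store(o, name, v);
}

/* Checked form: a missing buffer and a wrong-sized buffer are both
 * rejected with EINVAL before any field of the buffer is read. */
int set_opt_checked(struct ipopts *o, int name, const struct optbuf *m)
{
    int v;
    if (m == NULL || m->len != sizeof(int))
        return EINVAL;
    memcpy(&v, m->data, sizeof v);
    return store(o, name, v);
}

int main(void)
{
    struct ipopts o = { 0, 64 };
    /* Constructed input: the NULL, zero-length option from the message. */
    printf("NULL option -> %d (EINVAL is %d), tos still %d\n",
           set_opt_checked(&o, OPT_TOS, NULL), EINVAL, o.tos);
    return 0;
}
```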