Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 3 Feb 2011 17:19:40 +0100
From:      Egoitz Aurrekoetxea Aurre <egoitz@ramattack.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Recent full disclosure post - Local DOS
Message-ID:  <EED67904-5DAC-4A32-954B-6C53FAF48CF1@ramattack.net>
In-Reply-To: <4D473A53.6000602@freebsd.org>
References:  <4D42D2B2.4030806@tomjudge.com> <201101281209.51046.john@baldwin.cx> <4D42FF0E.9030407@tomjudge.com> <201101281427.19212.jhb@freebsd.org> <20110129003032.GA16316@movsx> <4D473A53.6000602@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi all,

So then, this just crashes in current?? else... is it known which kernel nic drivers cause this?. I have attempted to crash a 8.1-release on vmware fusion virtual machine without success...

Thanks a lot!,
Bye!


El 31/01/2011, a las 23:40, Lawrence Stewart escribió:

> On 01/29/11 11:30, Christian Peron wrote:
>> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
>> [..]
>>> ===================================================================
>>> --- tcp_usrreq.c	(revision 218018)
>>> +++ tcp_usrreq.c	(working copy)
>>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct sockopt *s
>>> 				tp->t_flags |= TF_NOPUSH;
>>> 			else {
>>> 				tp->t_flags &= ~TF_NOPUSH;
>>> -				error = tcp_output(tp);
>>> +				if (TCPS_HAVEESTABLISHED(tp->t_state))
>>> +					error = tcp_output(tp);
>>> 			}
>>> 			INP_WUNLOCK(inp);
>>> 			break;
>> 
>> I was thinking of correcting it the same way.. I might even do something
>> like:
>> 
>> 	else {
>> 		if (tp->t_flags & TF_NOPUSH) {
>> 			tp->t_flags &= ~TF_NOPUSH;
>> 			if (TCPS_HAVEESTABLISHED(tp->t_state))
>> 				error = tcp_output(tp);
>> 		}
>> 	}
>> 
>> By default, this mask is not set.. so un-setting it and calling tcp_output() 
>> if it was not already set seems wasteful
> 
> Apologies for tuning in late, but FWIW I concur and think the above
> patch is appropriate.
> 
> Cheers,
> Lawrence
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EED67904-5DAC-4A32-954B-6C53FAF48CF1>