From: Egoitz Aurrekoetxea Aurre
Date: Thu, 3 Feb 2011 17:19:40 +0100
To: freebsd-security@freebsd.org
Subject: Re: Recent full disclosure post - Local DOS

Hi all,

So then, this just crashes in current? Else, is it known which kernel NIC drivers cause this? I have attempted to crash an 8.1-release on a VMware Fusion virtual machine without success...

Thanks a lot!
Bye!

On 31/01/2011, at 23:40, Lawrence Stewart wrote:

> On 01/29/11 11:30, Christian Peron wrote:
>> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
>> [..]
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> --- tcp_usrreq.c (revision 218018) >>> +++ tcp_usrreq.c (working copy) 
>>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct = sockopt *s >>> tp->t_flags |=3D TF_NOPUSH; >>> else { >>> tp->t_flags &=3D ~TF_NOPUSH; >>> - error =3D tcp_output(tp); >>> + if (TCPS_HAVEESTABLISHED(tp->t_state)) >>> + error =3D tcp_output(tp); >>> } >>> INP_WUNLOCK(inp); >>> break;
>>
>> I was thinking of correcting it the same way.. I might even do something
>> like:
>>
>> else {
>> 	if (tp->t_flags & TF_NOPUSH) {
>> 		tp->t_flags &= ~TF_NOPUSH;
>> 		if (TCPS_HAVEESTABLISHED(tp->t_state))
>> 			error = tcp_output(tp);
>> 	}
>> }
>>
>> By default, this mask is not set.. so un-setting it and calling tcp_output()
>> if it was not already set seems wasteful
>
> Apologies for tuning in late, but FWIW I concur and think the above
> patch is appropriate.
>
> Cheers,
> Lawrence
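
Review bot: in the else branch that clears TF_NOPUSH in tcp_ctloutput(), error is now assigned only when TCPS_HAVEESTABLISHED(tp->t_state) is true, so for a socket that has not reached the established state the option returns whatever error already held; please confirm it is 0 at that point or set it explicitly. The new check also has no comment: a one-line note above it saying why tcp_output() is skipped for connections that are not yet established would keep a later cleanup from removing the guard, since nothing else in the hunk explains it.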