From owner-freebsd-bugs Sun Oct 8 16:10: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9A9DB37B66D
	for ; Sun, 8 Oct 2000 16:10:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id QAA45374;
	Sun, 8 Oct 2000 16:10:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from Guest.Forest.Od.UA (Guest.Forest.Od.UA [195.138.70.163])
	by hub.freebsd.org (Postfix) with ESMTP id 6C37F37B66E
	for ; Sun, 8 Oct 2000 16:09:54 -0700 (PDT)
Received: (from root@localhost)
	by Guest.Forest.Od.UA (8.11.0/8.11.0) id e98MwCE26166;
	Mon, 9 Oct 2000 01:58:12 +0300 (EEST)
	(envelope-from root)
Message-Id: <200010082258.e98MwCE26166@Guest.Forest.Od.UA>
Date: Mon, 9 Oct 2000 01:58:12 +0300 (EEST)
From: Unicorn@Forest.Od.UA
Reply-To: Unicorn@Forest.Od.UA
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/21845: crash, while trying to send udp via half-binded socket from jail
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 21845
>Category: kern
>Synopsis: crash, while trying to send udp via half-binded socket from jail
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 08 16:10:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: The Winged Unicorn
>Release: FreeBSD 5.0-CURRENT i386
>Organization: Edem
>Environment: jail
>Description:
While adding stuff for jail socket binding limitations, the roll back before returning an error was missed. `bind' returns an error, but the socket becomes `half-binded', i.e. laddr was changed to some nonzero value. When `sendto' is called, the pcb of that socket is processed, but its list fields are still uninitialized. This leads to a crash in sendto->...->in_pcbconnect->in_pcbrehash.
>How-To-Repeat:
Install a jail, a NIS/YP server on the real system serving the passwd DB, and a NIS/YP client on the jail system using the shared passwd DB. Log in using a YP account and just type 'id', 'finger', or whatever.
>Fix:
Apply patch:
cvs diff: Diffing . Index: in_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.67 diff -r1.67 in_pcb.c 273c273,274 < if (prison_ip(p, 0, &inp->inp_laddr.s_addr )) --- > if (prison_ip(p, 0, &inp->inp_laddr.s_addr )) { > inp->inp_laddr.s_addr = INADDR_ANY; /* roll back */ 274a276 > } 282c284,285 < if (p && (error = suser_xxx(0, p, PRISON_ROOT))) --- > if (p && (error = suser_xxx(0, p, PRISON_ROOT))) { > inp->inp_laddr.s_addr = INADDR_ANY; /* roll back */ 283a287 > }
>Release-Note:
>Audit-Trail:
>Unformatted:
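Review bot: in the 273c273,274 change, the roll back writes the constant INADDR_ANY into inp->inp_laddr.s_addr instead of restoring a value saved before prison_ip() was handed a pointer to it. That is only correct if the local address is always INADDR_ANY when this code is reached; either save the old value on entry and restore it in the error branch, or add a comment stating that invariant. A unified diff (diff -u) would also show the return statement that the added braces now enclose, which this context-free format hides.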
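Review bot: the 282c284,285 change repeats the roll back statement already added at 273, so every error return that follows the assignment to inp->inp_laddr now needs its own copy, and the next check added here can miss it again. Consider a single error exit that resets inp->inp_laddr.s_addr, or run the prison_ip() and suser_xxx() checks against a local copy of the address and store it into inp->inp_laddr only after both pass, so the pcb is never left with a partly set local address.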