Date: Fri, 22 Jan 1999 12:25:08 +0000 (GMT) From: Doug Rabson <dfr@nlsystems.com> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: hackers@FreeBSD.ORG Subject: Re: sorflush() bug fix in uipc_usrreq.c -- need someone to review this Message-ID: <Pine.BSF.4.01.9901221224340.59627-100000@herring.nlsystems.com> In-Reply-To: <199901220529.VAA47602@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 21 Jan 1999, Matthew Dillon wrote: > This fix is currently comitted to -4.x. I don't want to backport it to > -3.x until I get an independant review. > > This code is ( I believe ) part of the message queue flushing for > typically unix domain sockets, relating to file descriptor passing. > This code is attempting to flush the in-transit file descriptors when > both sides of the connection go poof. > > The problem ( I believe ) is that it is calling sorflush() potentially > on non-sockets. While most uses of file descriptor passing pass only > sockets, if this bug is hit for those uses that do not, it could corrupt > kernel memory or cause a crash. > > I need someone to check the code and tell me I'm not blowing smoke before > I backport this :-) It looks right to me but I'm not very familiar with that section of code. -- Doug Rabson Mail: dfr@nlsystems.com Nonlinear Systems Ltd. Phone: +44 181 442 9037 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9901221224340.59627-100000>