From: Kris Kennaway
Date: Wed, 07 Feb 2001 10:14:18 -0800
Subject: [itojun@iijlab.net: accept(2) behavior with tcp RST right after handshake]
To: net@freebsd.org, security-officer@freebsd.org
Message-id: <20010207101417.A28791@mollari.cthul.hu>

Can anyone comment on this patch?

http://www.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/kern/uipc_socket.c

Kris

----- Forwarded message from itojun@iijlab.net -----

To: merge@kame.net
Subject: accept(2) behavior with tcp RST right after handshake
From: itojun@iijlab.net
Date: Wed, 07 Feb 2001 21:39:49 +0900

i believe you will want to merge this.

scenario:
- you are listening to tcp port
- someone comes in, handshake (SYN, SYNACK, ACK)
- someone sends RST
- your server issues accept(2)

previous behavior: accept(2) returns successful result with zero-length
sockaddr.
new behavior: return ECONNABORTED.

effect:
- if someone runs nmap against your machine, and you are unlucky, your
  server listening to tcp port (like BIND9) can get segv/abort due to
  unexpected zero-length sockaddr + successful error return on accept(2).

itojun

------- Forwarded Messages

Date: Wed, 7 Feb 2001 21:35:15 +0900 (JST)
From: Jun-ichiro itojun Hagino
Message-Id: <200102071235.VAA48423@orange.kame.net>
To: cvs-kame:;
Subject: kame cvs commit: kame/freebsd4/sys/kern uipc_socket.c kame/netbsd/sys/kern uipc_socket.c kame/openbsd/sys/kern uipc_socket.c
Reply-to: core@kame.net

itojun      2001/02/07 21:35:15 JST

  Modified files:
    freebsd4/sys/kern    uipc_socket.c
    netbsd/sys/kern      uipc_socket.c
    openbsd/sys/kern     uipc_socket.c
  Log:
  return ECONNABORTED, if the socket (tcp connection for example)
  is disconnected by RST right before accept(2).  fixes PR 10698/12027.
  checked with SUSv2, XNET 5.2, and Stevens (unix network programming
  vol 1 2nd ed) section 5.11.

  Revision  Changes    Path
  1.2       +243 -10   kame/freebsd4/sys/kern/uipc_socket.c
  1.3       +1 -1      kame/netbsd/sys/kern/uipc_socket.c
  1.3       +1 -1      kame/openbsd/sys/kern/uipc_socket.c

------- Message 2

Date: Wed, 7 Feb 2001 21:35:19 +0900 (JST)
From: Jun-ichiro itojun Hagino
Message-Id: <200102071235.VAA48466@orange.kame.net>
To: cvs-kame-local@kame.net
Subject: kame-local cvs commit: kame/bsdi4/sys/kern uipc_socket.c

itojun      2001/02/07 21:35:19 JST

  Modified files:
    bsdi4/sys/kern       uipc_socket.c
  Log:
  return ECONNABORTED, if the socket (tcp connection for example)
  is disconnected by RST right before accept(2).  fixes PR 10698/12027.
  checked with SUSv2, XNET 5.2, and Stevens (unix network programming
  vol 1 2nd ed) section 5.11.

  Revision  Changes    Path
  1.4       +1 -1      kame/bsdi4/sys/kern/uipc_socket.c

------- End of Forwarded Messages

----- End forwarded message -----
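
Added example, not part of the original mail or of the KAME commit: a server-side accept(2) wrapper in C that survives both behaviours described in the forwarded message, the old successful return with a zero-length sockaddr and the new ECONNABORTED. The names classify_accept and safe_accept are hypothetical, and restricting peers to AF_INET/AF_INET6 is an assumption for a TCP listener.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <sys/socket.h>
#include <unistd.h>

enum accept_verdict { ACCEPT_OK, ACCEPT_RETRY, ACCEPT_ERROR };

/* Decide what to do with one accept(2) result. fd/err are the return value
 * and errno; sa/len are the peer address buffer and the length written back.
 * Assumption: TCP listener, so only AF_INET and AF_INET6 peers are valid. */
enum accept_verdict classify_accept(int fd, int err,
                                    const struct sockaddr *sa, socklen_t len)
{
    if (fd < 0)  /* patched kernel: RST before accept() -> ECONNABORTED */
        return (err == ECONNABORTED || err == EINTR) ? ACCEPT_RETRY
                                                     : ACCEPT_ERROR;
    /* unpatched kernel: success with a zero-length (or truncated) sockaddr */
    if (sa == NULL || len < offsetof(struct sockaddr, sa_data))
        return ACCEPT_RETRY;
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in))
        return ACCEPT_OK;
    if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6))
        return ACCEPT_OK;
    return ACCEPT_RETRY;  /* unknown family, or too few bytes for it */
}

/* accept(2) wrapper: never hands the caller an fd with an unusable peer. */
int safe_accept(int lfd, struct sockaddr_storage *peer, socklen_t *peerlen)
{
    for (;;) {
        socklen_t len = sizeof(*peer);
        int fd = accept(lfd, (struct sockaddr *)peer, &len);
        int err = errno;
        switch (classify_accept(fd, err, (struct sockaddr *)peer, len)) {
        case ACCEPT_OK:
            *peerlen = len;
            return fd;
        case ACCEPT_RETRY:
            if (fd >= 0)
                close(fd);  /* connection is already dead; drop it */
            continue;
        default:
            errno = err;    /* EAGAIN, EMFILE, ...: caller decides */
            return -1;
        }
    }
}
```

The point for a daemon author is that the peer address is validated by length before any field of it is read, so an aborted connection costs one loop iteration instead of a crash.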