Date:      Wed, 7 Feb 2001 15:17:34 -0500 (EST)
From:      Robert Watson <rwatson@freebsd.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        net@freebsd.org, security-officer@freebsd.org
Subject:   Re: [itojun@iijlab.net: accept(2) behavior with tcp RST right after handshake]
Message-ID:  <Pine.NEB.3.96L.1010207151348.9865C-100000@fledge.watson.org>
In-Reply-To: <20010207101417.A28791@mollari.cthul.hu>

Won't comment on the implementation as I haven't had a chance to review it
yet, but the description sounds right, and compatible with

  http://www.opengroup.org/orc/DOCS/XNS/text/accept.htm
  http://www.fifi.org/cgi-bin/man2html/usr/share/man/man2/accept.2.gz

There are some interesting comments worth noting in a quote in

  http://www.humanfactor.com/cgi-bin/cgi-delegate/apache-ML/nh/1997/Jan/1176.html

I hope to take a look at the implementation this evening.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Wed, 7 Feb 2001, Kris Kennaway wrote:

> Can anyone comment on this patch?
> 
> http://www.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/kern/uipc_socket.c
> 
> Kris
> 
> ----- Forwarded message from itojun@iijlab.net -----
> 
> Delivered-To: kkenn@localhost.obsecurity.org
> Delivered-To: kris@freebsd.org
> To: merge@kame.net
> Subject: accept(2) behavior with tcp RST right after handshake
> X-Template-Reply-To: itojun@itojun.org
> X-Template-Return-Receipt-To: itojun@itojun.org
> X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
> From: itojun@iijlab.net
> Date: Wed, 07 Feb 2001 21:39:49 +0900
> X-UIDL: aff7d2fbee72775e2137abcde0bef0d0
> 
> 	i believe you will want to merge this.
> 	scenario:
> 	- you are listening to tcp port
> 	- someone comes in, handshake (SYN, SYNACK, ACK)
> 	- someone sends RST
> 	- your server issues accept(2)
> 	previous behavior: accept(2) returns successful result with zero-
> 		length sockaddr.
> 	new behavior: return ECONNABORTED.
> 
> 	effect:
> 	- if someone runs nmap against your machine, and you are unlucky,
> 	  your server listening to tcp port (like BIND9) can get
> 	  segv/abort due to unexpected zero-length sockaddr + successful
> 	  error return on accept(2).
> 
> itojun
> 
> ------- Forwarded Messages
> 
> Return-Path: owner-cvs-kame@kame.net
> Return-Path: <owner-cvs-kame@kame.net>
> Received: from orange.kame.net (orange.kame.net [203.178.141.194])
> 	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id VAA00242
> 	for <itojun@itojun.org>; Wed, 7 Feb 2001 21:35:16 +0900 (JST)
> Received: (from daemon@localhost)
> 	by orange.kame.net (8.9.3+3.2W/3.7W/smtpfeed 1.06) id VAA48429;
> 	Wed, 7 Feb 2001 21:35:16 +0900 (JST)
> Received: (from itojun@localhost)
> 	by orange.kame.net (8.9.3+3.2W/3.7W) id VAA48423;
> 	Wed, 7 Feb 2001 21:35:15 +0900 (JST)
> Date: Wed, 7 Feb 2001 21:35:15 +0900 (JST)
> From: Jun-ichiro itojun Hagino <itojun@kame.net>
> Message-Id: <200102071235.VAA48423@orange.kame.net>
> To: cvs-kame:;
> Subject: kame cvs commit: kame/freebsd4/sys/kern uipc_socket.c kame/netbsd/sys/kern
>          uipc_socket.c kame/openbsd/sys/kern uipc_socket.c
> Reply-to: core@kame.net
> X-Filter: mailagent [version 3.0 PL68] for itojun@itojun.org
> 
> itojun      2001/02/07 21:35:15 JST
> 
>   Modified files:
>     freebsd4/sys/kern    uipc_socket.c 
>     netbsd/sys/kern      uipc_socket.c 
>     openbsd/sys/kern     uipc_socket.c 
>   Log:
>   return ECONNABORTED, if the socket (tcp connection for example)
>   is disconnected by RST right before accept(2).  fixes PR 10698/12027.
>   checked with SUSv2, XNET 5.2, and Stevens (unix network programming
>   vol 1 2nd ed) section 5.11.
>   
>   Revision  Changes    Path
>   1.2       +243 -10   kame/freebsd4/sys/kern/uipc_socket.c
>   1.3       +1 -1      kame/netbsd/sys/kern/uipc_socket.c
>   1.3       +1 -1      kame/openbsd/sys/kern/uipc_socket.c
> 
> ------- Message 2
> 
> Return-Path: owner-cvs-kame-local@kame.net
> Return-Path: <owner-cvs-kame-local@kame.net>
> Received: from orange.kame.net (orange.kame.net [203.178.141.194])
> 	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id VAA00253
> 	for <itojun@itojun.org>; Wed, 7 Feb 2001 21:35:20 +0900 (JST)
> Received: (from itojun@localhost)
> 	by orange.kame.net (8.9.3+3.2W/3.7W/smtpfeed 1.06) id VAA48466;
> 	Wed, 7 Feb 2001 21:35:19 +0900 (JST)
> Date: Wed, 7 Feb 2001 21:35:19 +0900 (JST)
> From: Jun-ichiro itojun Hagino <itojun@kame.net>
> Message-Id: <200102071235.VAA48466@orange.kame.net>
> To: cvs-kame-local@kame.net
> Subject: kame-local cvs commit: kame/bsdi4/sys/kern uipc_socket.c
> X-Filter: mailagent [version 3.0 PL68] for itojun@itojun.org
> 
> itojun      2001/02/07 21:35:19 JST
> 
>   Modified files:
>     bsdi4/sys/kern       uipc_socket.c 
>   Log:
>   return ECONNABORTED, if the socket (tcp connection for example)
>   is disconnected by RST right before accept(2).  fixes PR 10698/12027.
>   checked with SUSv2, XNET 5.2, and Stevens (unix network programming
>   vol 1 2nd ed) section 5.11.
>   
>   Revision  Changes    Path
>   1.4       +1 -1      kame/bsdi4/sys/kern/uipc_socket.c
> 
> ------- End of Forwarded Messages
> 
> 
> 
> ----- End forwarded message -----
> 
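
The scenario in the forwarded message, handled from the server side, as an added example that is not part of the original thread or the KAME patch: an accept(2) wrapper that treats ECONNABORTED as retryable and refuses to use a successful return carrying a zero-length sockaddr (the pre-patch behaviour). The names classify_accept and safe_accept are hypothetical, and a TCP listener is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum accept_action { ACCEPT_USE, ACCEPT_RETRY, ACCEPT_FAIL };

/* Decide what to do with one accept(2) result. fd and err are accept()'s
 * return value and errno; addrlen is the length the kernel wrote back. */
enum accept_action classify_accept(int fd, int err, socklen_t addrlen)
{
    if (fd >= 0)
        /* Pre-patch behaviour: success, but a zero-length sockaddr because
         * the peer reset the connection first. Never parse that address. */
        return addrlen == 0 ? ACCEPT_RETRY : ACCEPT_USE;
    /* Post-patch behaviour: ECONNABORTED concerns one connection only. */
    if (err == ECONNABORTED || err == EINTR)
        return ACCEPT_RETRY;
    return ACCEPT_FAIL;     /* EBADF, EMFILE, EAGAIN, ...: caller decides */
}

/* accept() wrapper: returns a connected fd with a non-empty peer address,
 * or -1 with errno set. */
int safe_accept(int lfd, struct sockaddr_storage *peer, socklen_t *len)
{
    for (;;) {
        memset(peer, 0, sizeof(*peer));
        *len = sizeof(*peer);
        int fd = accept(lfd, (struct sockaddr *)peer, len);
        int err = (fd < 0) ? errno : 0;
        switch (classify_accept(fd, err, *len)) {
        case ACCEPT_USE:
            return fd;
        case ACCEPT_RETRY:
            if (fd >= 0)
                close(fd);  /* drop the already-dead connection */
            continue;
        case ACCEPT_FAIL:
            errno = err;
            return -1;
        }
    }
}

int main(void)
{
    struct sockaddr_storage peer;
    socklen_t len;
    /* Constructed input: -1 is not a socket, so accept() fails with EBADF. */
    int fd = safe_accept(-1, &peer, &len);
    printf("fd=%d errno=%s\n", fd, strerror(errno));
    return 0;
}
```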


