From owner-freebsd-net  Wed Feb  7 20:29:26 2001
Delivered-To: freebsd-net@freebsd.org
Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97])
	by hub.freebsd.org (Postfix) with ESMTP
	id F0F9D37B401; Wed,  7 Feb 2001 20:29:07 -0800 (PST)
Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1])
	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id NAA12241;
	Thu, 8 Feb 2001 13:28:55 +0900 (JST)
To: Kris Kennaway <kris@obsecurity.org>
Cc: net@freebsd.org, security-officer@freebsd.org
In-reply-to: kris's message of Wed, 07 Feb 2001 10:14:18 PST.
      <20010207101417.A28791@mollari.cthul.hu>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD  90 5F B4 60 79 54 16 E2
Subject: Re: [itojun@iijlab.net: accept(2) behavior with tcp RST right after handshake]
From: itojun@iijlab.net
Date: Thu, 08 Feb 2001 13:28:55 +0900
Message-ID: <12239.981606535@coconut.itojun.org>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>	i believe you will want to merge this.
>	scenario:
>	- you are listening to tcp port
>	- someone comes in, handshake (SYN, SYNACK, ACK)
>	- someone sends RST
>	- your server issues accept(2)
>	previous behavior: accept(2) returns successful result with zero-
>		length sockaddr.
>	new behavior: return ECONNABORTED.
>
>	effect:
>	- if someone runs nmap against your machine, and you are unlucky,
>	  your server listening to tcp port (like BIND9) can get
>	  segv/abort due to unexpected zero-length sockaddr + successful
>	  error return on accept(2).

	FYI:

	9.1.0 had assert() against sockaddr returned by accept(2).  therefore
	BIND 9.1.0 will get killed (or go suicide) by remote nmap with
	"previous (kernel) behavior" presented above.
	(it will only happen you are very unlucky - it is timing issue)

	BIND 9.1.1rc1 now includes workaround (no assert).

itojun


> 727.   [port]          Work around OS bug where accept() succeeds but
>                        fails to fill in the peer address of the accepted
>                        connection, by treating it as an error rather than
>                        an assertion failure. [RT #809]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message