Date: Fri, 28 Jan 2011 18:30:32 -0600
From: Christian Peron
To: John Baldwin
Cc: Tom Judge, freebsd-security@freebsd.org, Bjoern Zeeb, Lawrence Stewart
Subject: Re: Recent full disclosure post - Local DOS

On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
[..]
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- tcp_usrreq.c (revision 218018) > +++ tcp_usrreq.c (working copy)
> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct sockopt *s > tp->t_flags |=3D TF_NOPUSH; > else { > tp->t_flags &=3D ~TF_NOPUSH; > - error =3D tcp_output(tp); > + if (TCPS_HAVEESTABLISHED(tp->t_state)) > + error =3D tcp_output(tp); > } > INP_WUNLOCK(inp); > break;

I was thinking of correcting it the same way.. I might even do something like:

	else {
		if (tp->t_flags & TF_NOPUSH) {
			tp->t_flags &= ~TF_NOPUSH;
			if (TCPS_HAVEESTABLISHED(tp->t_state))
				error = tcp_output(tp);
		}
	}

By default, this mask is not set.. so un-setting it and calling tcp_output()
if it was not already set seems wasteful
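
Review bot: The new `if (TCPS_HAVEESTABLISHED(tp->t_state))` guard in the else branch that clears TF_NOPUSH in the quoted tcp_usrreq.c hunk has no comment saying why tcp_output() must be skipped before the connection is established; a one-line comment above the guard would keep a later cleanup from dropping it as redundant. With the guard in place, `error` is no longer assigned in this branch on the not-established path, so it is worth confirming that it is initialized earlier in tcp_ctloutput() before it is returned.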