From owner-freebsd-bugs Sun May 18 06:10:04 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id GAA27635 for bugs-outgoing; Sun, 18 May 1997 06:10:04 -0700 (PDT)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.5/8.8.5) id GAA27617; Sun, 18 May 1997 06:10:03 -0700 (PDT)
Resent-Date: Sun, 18 May 1997 06:10:03 -0700 (PDT)
Resent-Message-Id: <199705181310.GAA27617@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, Tor.Egge@idt.ntnu.no
Received: from skarven.itea.ntnu.no (tegge@skarven.itea.ntnu.no [129.241.190.13]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA27567 for ; Sun, 18 May 1997 06:08:55 -0700 (PDT)
Received: (from tegge@localhost) by skarven.itea.ntnu.no (8.8.5/8.8.5) id PAA00589; Sun, 18 May 1997 15:08:52 +0200 (CEST)
Message-Id: <199705181308.PAA00589@skarven.itea.ntnu.no>
Date: Sun, 18 May 1997 15:08:52 +0200 (CEST)
From: Tor Egge
Reply-To: Tor.Egge@idt.ntnu.no
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: kern/3618: getsockname and getpeername may cause trap 12
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 3618
>Category: kern
>Synopsis: getsockname and getpeername may cause trap 12
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun May 18 06:10:02 PDT 1997
>Last-Modified:
>Originator: Tor Egge
>Organization: Norwegian University of Science and Technology, Trondheim, Norway
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD skarven.itea.ntnu.no 3.0-CURRENT FreeBSD 3.0-CURRENT #1: Sun May 18 14:41:28 CEST 1997 root@skarven.itea.ntnu.no:/usr/src/sys/compile/SKARVEN i386
>Description:
During the getsockname() or getpeername() call, a network interrupt might reset the connection, causing the socket to no longer have a pcb.
If this happens at the wrong time, the system gets a trap 12. >How-To-Repeat: Run an FTP server with tcp wrappers installed on the system. Start a lot of connections to the ftp server, and close/reset the connections from the client side as soon as the connection is established. >Fix: Disallow network interrupts while the address is found and copied. Handle the case where the socket was disconnected before the network interrupts were disabled. Index: in_pcb.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.31 diff -c -r1.31 in_pcb.c *** in_pcb.c 1997/04/27 20:01:04 1.31 --- in_pcb.c 1997/05/18 12:50:35 *************** *** 470,478 **** --- 470,483 ---- struct socket *so; struct mbuf *nam; { + int s = splnet(); register struct inpcb *inp = sotoinpcb(so); register struct sockaddr_in *sin; + if (!inp) { + splx(s); + return EINVAL; + } nam->m_len = sizeof (*sin); sin = mtod(nam, struct sockaddr_in *); bzero((caddr_t)sin, sizeof (*sin)); *************** *** 480,485 **** --- 485,491 ---- sin->sin_len = sizeof(*sin); sin->sin_port = inp->inp_lport; sin->sin_addr = inp->inp_laddr; + splx(s); return 0; } *************** *** 488,496 **** --- 494,507 ---- struct socket *so; struct mbuf *nam; { + int s = splnet(); struct inpcb *inp = sotoinpcb(so); register struct sockaddr_in *sin; + if (!inp) { + splx(s); + return EINVAL; + } nam->m_len = sizeof (*sin); sin = mtod(nam, struct sockaddr_in *); bzero((caddr_t)sin, sizeof (*sin)); *************** *** 498,503 **** --- 509,515 ---- sin->sin_len = sizeof(*sin); sin->sin_port = inp->inp_fport; sin->sin_addr = inp->inp_faddr; + splx(s); return 0; } >Audit-Trail: >Unformatted:
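
Review bot: In the first hunk (the function that copies inp_lport and inp_laddr), the fix only holds because `int s = splnet();` is declared ahead of `register struct inpcb *inp = sotoinpcb(so);`, so the pcb pointer is read with network interrupts already blocked, yet nothing in the code says that and a later reordering of the declarations would silently reopen the race. Suggest declaring `s` and `inp` without initializers and doing `s = splnet(); inp = sotoinpcb(so);` as explicit statements, with a one-line comment that the socket may have lost its pcb to a reset. The test would also read more clearly as `if (inp == NULL)`.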
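
Review bot: In the third hunk (the function that copies inp_fport and inp_faddr), the new `if (!inp)` path returns EINVAL with no comment, so a caller cannot tell a connection that was reset underneath it from a genuinely bad argument. Please add a comment stating why EINVAL was chosen for the missing-pcb case, or consider an errno that says the socket is no longer connected. The `splnet()` / NULL check / `splx(s)` sequence here is also a line-for-line copy of the one in the first hunk, so a small shared helper would keep the two paths from drifting apart.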