From owner-freebsd-bugs Sat Apr 6 7:00:23 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C66EF37B417 for ; Sat, 6 Apr 2002 07:00:05 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g36F05w90897; Sat, 6 Apr 2002 07:00:05 -0800 (PST) (envelope-from gnats)
Received: from green.shallow.net (c16486.smelb1.vic.optusnet.com.au [210.49.224.105]) by hub.freebsd.org (Postfix) with ESMTP id 81CEB37B417 for ; Sat, 6 Apr 2002 06:58:31 -0800 (PST)
Received: by green.shallow.net (Postfix, from userid 1001) id BFC9D3EAA; Sat, 6 Apr 2002 23:29:11 +1000 (EST)
Message-Id: <20020406132911.BFC9D3EAA@green.shallow.net>
Date: Sat, 6 Apr 2002 23:29:11 +1000 (EST)
From: Joshua Goodall
Reply-To: Joshua Goodall
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/36813: un-bzero'd sin_zero causes bind() in PF_INET to fail
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 36813
>Category: kern
>Synopsis: un-bzero'd sin_zero causes bind() in PF_INET to fail
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 06 07:00:05 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Joshua Goodall
>Release: FreeBSD 4.5-STABLE i386
>Organization:
>Environment:
System: FreeBSD green.shallow.net 4.5-STABLE FreeBSD 4.5-STABLE #2: Sat Mar 30 12:55:07 EST 2002 joshua@green.shallow.net:/usr/obj/usr/src/sys/GREEN i386
>Description:
ifa_ifwithaddr compares rather more than is desirable; that is, the sin_zero struct element is also considered. As a result, bind() to addresses other than INADDR_ANY or multicast addresses fails if the struct was not bzero'd first, which, although advisable, is not always the case (particularly in some third-party software).

This is fixed in -current but not MFC'd.
>How-To-Repeat:
On an unfixed -stable kernel, this program only succeeded if invoked as "dobz":

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

int
main(int ac, char **av)
{
	struct sockaddr_in sin;		/* deliberately not cleared */
	int on = 1, port = 2345, fd;
	u_long interface_address = 0x7f000001;	/* 127.0.0.1 */

	if ((fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1) {
		perror("socket()");
		exit(1);
	}

	sin.sin_family = AF_INET;
	sin.sin_port = htons(port);
	sin.sin_addr.s_addr = htonl(interface_address);

	/* Clear the padding only when the binary is named "dobz". */
	if (strcmp(basename(*av), "dobz") == 0)
		bzero(sin.sin_zero, sizeof(sin.sin_zero));

	if (bind(fd, (struct sockaddr *) &sin, sizeof(sin)) == -1) {
		/* inet_ntoa() takes a struct in_addr, not the raw s_addr. */
		fprintf(stderr, "bind() fd %d fam %d port %d addr %s errno %d %s\n",
		    fd, sin.sin_family, (int)ntohs(sin.sin_port),
		    inet_ntoa(sin.sin_addr), errno, strerror(errno));
		exit(1);
	}
	printf("succeeded!\n");
	return (0);
}

>Fix:
Index: sys/netinet/in_pcb.c =================================================================== RCS file: /cvs/src/sys/netinet/in_pcb.c,v retrieving revision 1.59.2.21 diff -u -r1.59.2.21 in_pcb.c --- sys/netinet/in_pcb.c 26 Feb 2002 18:11:24 -0000 1.59.2.21 +++ sys/netinet/in_pcb.c 6 Apr 2002 12:52:45 -0000 @@ -220,6 +220,7 @@ reuseport = SO_REUSEADDR|SO_REUSEPORT; } else if (sin->sin_addr.s_addr != INADDR_ANY) { sin->sin_port = 0; /* yech... */ + bzero(&sin->sin_zero, sizeof(sin->sin_zero)); if (ifa_ifwithaddr((struct sockaddr *)sin) == 0) return (EADDRNOTAVAIL); }
>Release-Note:
>Audit-Trail:
>Unformatted:
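
Review bot: the added bzero() sits only in this in_pcb.c branch, so the comparison the report attributes to ifa_ifwithaddr() still takes sin_zero into account, and any other caller that passes a sockaddr_in with stale padding would still get no match. Consider restricting the lookup to the address itself, or at least put a comment on the new line saying that sin_zero is cleared because ifa_ifwithaddr() compares it. Like the sin_port = 0 line above it, the new line writes through sin into the address being bound, which deserves the same remark in the comment.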
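
The failure described in the report, reduced to a userland sketch. This is an added example, not code from the PR or from the FreeBSD tree. The names match_whole, match_addr, init_sin and demo are hypothetical, and match_whole is a simplified model that assumes a byte-for-byte comparison of the whole structure.

```c
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Simplified model (assumption): match on every byte of the structure,
 * which is the behaviour the report attributes to ifa_ifwithaddr. */
static int match_whole(const struct sockaddr_in *a, const struct sockaddr_in *b)
{
    return memcmp(a, b, sizeof(*a)) == 0;
}

/* Match only on the fields that identify an IPv4 interface address. */
static int match_addr(const struct sockaddr_in *a, const struct sockaddr_in *b)
{
    return a->sin_family == b->sin_family &&
           a->sin_addr.s_addr == b->sin_addr.s_addr;
}

/* Caller-side pattern: clear the whole structure, then set the fields. */
static void init_sin(struct sockaddr_in *sin, in_addr_t addr, in_port_t port)
{
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    sin->sin_port = htons(port);
    sin->sin_addr.s_addr = htonl(addr);
}

/* Bit 0: whole-structure match, bit 1: address-only match. */
static int demo(int dirty)
{
    struct sockaddr_in ifaddr, req;

    init_sin(&ifaddr, 0x7f000001, 0);   /* configured interface address */
    init_sin(&req, 0x7f000001, 0);      /* bind() request with port zeroed */
    if (dirty)                          /* constructed stand-in for stack garbage */
        memset(req.sin_zero, 0xA5, sizeof(req.sin_zero));
    return match_whole(&ifaddr, &req) | (match_addr(&ifaddr, &req) << 1);
}

int main(void)
{
    printf("dirty sin_zero: %d, cleared: %d\n", demo(1), demo(0));
    return 0;
}
```

With stale padding only the address-only comparison matches; once the caller clears the structure first, both do.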