Date: Sun, 25 May 1997 16:00:26 +0200 (CEST) From: Åge Røbekk <aagero@aage.priv.no> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: kern/3678: bug in IPDIVERT code in -current Message-ID: <199705251400.QAA00470@aage.priv.no> Resent-Message-ID: <199705251410.HAA23323@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 3678
>Category: kern
>Synopsis: bug in IPDIVERT code in -current
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun May 25 07:10:01 PDT 1997
>Last-Modified:
>Originator: Åge Røbekk
>Organization:
>Release: FreeBSD 3.0-CURRENT i386
>Environment:
FreeBSD birk04.studby.uio.no 3.0-CURRENT FreeBSD 3.0-CURRENT #8: Sun May 25 15:43:56 CEST 1997 aagero@birk04.studby.uio.no:/usr/src/sys/compile/AAGE i386
built from the very latest sources, with peter wemm's latest changes in the
divert code.
>Description:
when binding to an divert socket, div_bind() in ip_divert.c calls
in_pcbbind() with an unset inpcb struct pointer, resulting in a
panic.
>How-To-Repeat:
pseudo-code:
int divsock;
divsock = socket(..., IPPROT_DIVERT);
bind(divsock, ...);
<panic>
>Fix:
--- ip_divert.c.old Sat May 24 19:23:11 1997
+++ ip_divert.c Sun May 25 15:53:43 1997
@@ -311,6 +311,7 @@
int s;
int error;
+ inp = sotoinpcb(so);
s = splnet();
error = in_pcbbind(inp, nam, p);
splx(s);
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705251400.QAA00470>