Date:      Thu, 3 Feb 2011 17:19:40 +0100
From:      Egoitz Aurrekoetxea Aurre <egoitz@ramattack.net>
To:        freebsd-security@freebsd.org
Subject:   Re: Recent full disclosure post - Local DOS
Message-ID:  <EED67904-5DAC-4A32-954B-6C53FAF48CF1@ramattack.net>
In-Reply-To: <4D473A53.6000602@freebsd.org>
References:  <4D42D2B2.4030806@tomjudge.com> <201101281209.51046.john@baldwin.cx> <4D42FF0E.9030407@tomjudge.com> <201101281427.19212.jhb@freebsd.org> <20110129003032.GA16316@movsx> <4D473A53.6000602@freebsd.org>

Hi all,

So then, this just crashes in current?? Else... is it known which kernel
NIC drivers cause this? I have attempted to crash an 8.1-release on a
VMware Fusion virtual machine without success...

Thanks a lot!,
Bye!


On 31/01/2011, at 23:40, Lawrence Stewart wrote:

> On 01/29/11 11:30, Christian Peron wrote:
>> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
>> [..]
>>> ===================================================================
>>> --- tcp_usrreq.c	(revision 218018)
>>> +++ tcp_usrreq.c	(working copy)
>>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct =
sockopt *s
>>> 				tp->t_flags |=3D TF_NOPUSH;
>>> 			else {
>>> 				tp->t_flags &=3D ~TF_NOPUSH;
>>> -				error =3D tcp_output(tp);
>>> +				if (TCPS_HAVEESTABLISHED(tp->t_state))
>>> +					error =3D tcp_output(tp);
>>> 			}
>>> 			INP_WUNLOCK(inp);
>>> 			break;
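
Review bot: with the new `if (TCPS_HAVEESTABLISHED(tp->t_state))` guard in the else branch, `error` is no longer assigned when the connection is not established, so check that it is initialised to 0 before this point in tcp_ctloutput() rather than relying on the tcp_output() return value. A short comment above the guard saying why tcp_output() must not run before the connection is established would also help, since the option can now be cleared without any output attempt.
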
>>
>> I was thinking of correcting it the same way.. I might even do something
>> like:
>>
>> 	else {
>> 		if (tp->t_flags & TF_NOPUSH) {
>> 			tp->t_flags &= ~TF_NOPUSH;
>> 			if (TCPS_HAVEESTABLISHED(tp->t_state))
>> 				error = tcp_output(tp);
>> 		}
>> 	}
>>
>> By default, this mask is not set.. so un-setting it and calling tcp_output()
>> if it was not already set seems wasteful
>
> Apologies for tuning in late, but FWIW I concur and think the above
> patch is appropriate.
>
> Cheers,
> Lawrence