Date: Thu, 3 Feb 2011 17:19:40 +0100 From: Egoitz Aurrekoetxea Aurre <egoitz@ramattack.net> To: freebsd-security@freebsd.org Subject: Re: Recent full disclosure post - Local DOS Message-ID: <EED67904-5DAC-4A32-954B-6C53FAF48CF1@ramattack.net> In-Reply-To: <4D473A53.6000602@freebsd.org> References: <4D42D2B2.4030806@tomjudge.com> <201101281209.51046.john@baldwin.cx> <4D42FF0E.9030407@tomjudge.com> <201101281427.19212.jhb@freebsd.org> <20110129003032.GA16316@movsx> <4D473A53.6000602@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all, So then, this just crashes in current?? else... is it known which kernel = nic drivers cause this?. I have attempted to crash a 8.1-release on = vmware fusion virtual machine without success... Thanks a lot!, Bye! El 31/01/2011, a las 23:40, Lawrence Stewart escribi=F3: > On 01/29/11 11:30, Christian Peron wrote: >> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote: >> [..] >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> --- tcp_usrreq.c (revision 218018) >>> +++ tcp_usrreq.c (working copy) >>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct = sockopt *s >>> tp->t_flags |=3D TF_NOPUSH; >>> else { >>> tp->t_flags &=3D ~TF_NOPUSH; >>> - error =3D tcp_output(tp); >>> + if (TCPS_HAVEESTABLISHED(tp->t_state)) >>> + error =3D tcp_output(tp); >>> } >>> INP_WUNLOCK(inp); >>> break; >>=20 >> I was thinking of correcting it the same way.. I might even do = something >> like: >>=20 >> else { >> if (tp->t_flags & TF_NOPUSH) { >> tp->t_flags &=3D ~TF_NOPUSH; >> if (TCPS_HAVEESTABLISHED(tp->t_state)) >> error =3D tcp_output(tp); >> } >> } >>=20 >> By default, this mask is not set.. so un-setting it and calling = tcp_output()=20 >> if it was not already set seems wasteful >=20 > Apologies for tuning in late, but FWIW I concur and think the above > patch is appropriate. >=20 > Cheers, > Lawrence > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EED67904-5DAC-4A32-954B-6C53FAF48CF1>