Date:      Wed, 07 Feb 2001 10:14:18 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        net@freebsd.org, security-officer@freebsd.org
Subject:   [itojun@iijlab.net: accept(2) behavior with tcp RST right after handshake]
Message-ID:  <20010207101417.A28791@mollari.cthul.hu>


Can anyone comment on this patch?

http://www.kame.net/dev/cvsweb.cgi/kame/freebsd4/sys/kern/uipc_socket.c

Kris

----- Forwarded message from itojun@iijlab.net -----

To: merge@kame.net
Subject: accept(2) behavior with tcp RST right after handshake
From: itojun@iijlab.net
Date: Wed, 07 Feb 2001 21:39:49 +0900

	i believe you will want to merge this.
	scenario:
	- you are listening to tcp port
	- someone comes in, handshake (SYN, SYNACK, ACK)
	- someone sends RST
	- your server issues accept(2)
	previous behavior: accept(2) returns successful result with zero-
		length sockaddr.
	new behavior: return ECONNABORTED.

	effect:
	- if someone runs nmap against your machine, and you are unlucky,
	  your server listening to tcp port (like BIND9) can get
	  segv/abort due to unexpected zero-length sockaddr + successful
	  error return on accept(2).

itojun

------- Forwarded Messages

Date: Wed, 7 Feb 2001 21:35:15 +0900 (JST)
From: Jun-ichiro itojun Hagino <itojun@kame.net>
Message-Id: <200102071235.VAA48423@orange.kame.net>
To: cvs-kame:;
Subject: kame cvs commit: kame/freebsd4/sys/kern uipc_socket.c kame/netbsd/sys/kern
         uipc_socket.c kame/openbsd/sys/kern uipc_socket.c
Reply-to: core@kame.net

itojun      2001/02/07 21:35:15 JST

  Modified files:
    freebsd4/sys/kern    uipc_socket.c
    netbsd/sys/kern      uipc_socket.c
    openbsd/sys/kern     uipc_socket.c
  Log:
  return ECONNABORTED, if the socket (tcp connection for example)
  is disconnected by RST right before accept(2).  fixes PR 10698/12027.
  checked with SUSv2, XNET 5.2, and Stevens (unix network programming
  vol 1 2nd ed) section 5.11.
  Revision  Changes    Path
  1.2       +243 -10   kame/freebsd4/sys/kern/uipc_socket.c
  1.3       +1 -1      kame/netbsd/sys/kern/uipc_socket.c
  1.3       +1 -1      kame/openbsd/sys/kern/uipc_socket.c

------- Message 2

Date: Wed, 7 Feb 2001 21:35:19 +0900 (JST)
From: Jun-ichiro itojun Hagino <itojun@kame.net>
Message-Id: <200102071235.VAA48466@orange.kame.net>
To: cvs-kame-local@kame.net
Subject: kame-local cvs commit: kame/bsdi4/sys/kern uipc_socket.c

itojun      2001/02/07 21:35:19 JST

  Modified files:
    bsdi4/sys/kern       uipc_socket.c
  Log:
  return ECONNABORTED, if the socket (tcp connection for example)
  is disconnected by RST right before accept(2).  fixes PR 10698/12027.
  checked with SUSv2, XNET 5.2, and Stevens (unix network programming
  vol 1 2nd ed) section 5.11.
  Revision  Changes    Path
  1.4       +1 -1      kame/bsdi4/sys/kern/uipc_socket.c

------- End of Forwarded Messages



----- End forwarded message -----
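
A server-side guard for the case described above, as an added example that is not part of the original e-mail, the KAME commit, or BIND9: it treats ECONNABORTED from accept(2) as transient (the new behaviour) and, for kernels with the previous behaviour, drops any "successful" connection whose returned sockaddr is too short to read. The names `classify_accept` and `accept_checked` are hypothetical, and the listener is assumed to be a TCP socket (AF_INET or AF_INET6).

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical names; not taken from the KAME patch or from BIND9. */
enum accept_verdict { ACCEPT_OK, ACCEPT_RETRY, ACCEPT_DROP, ACCEPT_FATAL };

/* Decide what a TCP server should do with one accept(2) result. */
enum accept_verdict
classify_accept(int fd, int err, const struct sockaddr_storage *ss,
    socklen_t len)
{
	if (fd < 0) {
		/* New behaviour: peer sent RST before accept(2) ran. */
		if (err == ECONNABORTED || err == EINTR ||
		    err == EAGAIN || err == EWOULDBLOCK)
			return ACCEPT_RETRY;
		return ACCEPT_FATAL;
	}
	/* Previous behaviour: success with a zero-length sockaddr.
	 * Do not read ss_family unless the kernel wrote that far. */
	if (len < offsetof(struct sockaddr, sa_data))
		return ACCEPT_DROP;
	if (ss->ss_family == AF_INET && len >= sizeof(struct sockaddr_in))
		return ACCEPT_OK;
	if (ss->ss_family == AF_INET6 && len >= sizeof(struct sockaddr_in6))
		return ACCEPT_OK;
	return ACCEPT_DROP;
}

/* Returns a connected fd, -1 to go back to the accept loop, -2 if fatal. */
int
accept_checked(int lfd, struct sockaddr_storage *ss, socklen_t *len)
{
	int fd, err;

	memset(ss, 0, sizeof(*ss));
	*len = sizeof(*ss);
	fd = accept(lfd, (struct sockaddr *)ss, len);
	err = errno;	/* only meaningful when fd < 0 */
	switch (classify_accept(fd, err, ss, *len)) {
	case ACCEPT_OK:    return fd;
	case ACCEPT_DROP:  close(fd); return -1;
	case ACCEPT_RETRY: return -1;
	default:           return -2;
	}
}
```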
