Re: Panic from bad length parameter in bind (Possible DOS attack)
From: Ryan Sommers (ryans_at_gamersimpact.com)
Date: 04/04/04
- Previous message: Bjoern A. Zeeb: "compilation with NO_YP_LIBC"
- Maybe in reply to: Ryan Sommers: "Panic from bad length parameter in bind (Possible DOS attack)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 4 Apr 2004 13:59:34 -0600 (MDT) To: "Pawel Jakub Dawidek" <pjd@FreeBSD.org>
Pawel Jakub Dawidek said:
> On Sat, Apr 03, 2004 at 02:21:08PM -0700, Ryan Sommers wrote:
> +> Whenever I supply a length of 4 as the final bind parameter I get the
> +> following panic. Looks like bind returns fine, however, when the
> program
> +> exits it stumbles over some mutex associated with the descriptor. The
> +> mutex passed to mtx_destroy() has MTX_RECURSED set. I attempted to find
> +> where the call to bind was clobbering the mutex but couldn't. I
> attached
> +> the simple program to exploit this. I was able to do it as a regular
> user.
>
> Yes, could you try this patch:
>
> http://people.freebsd.org/~pjd/patches/tcp_usrreq.c.patch
That fixes it.
>
> --
> Pawel Jakub Dawidek http://www.FreeBSD.org
> pjd@FreeBSD.org http://garage.freebsd.pl
> FreeBSD committer Am I Evil? Yes, I Am!
>
-- Ryan Sommers ryans@gamersimpact.com _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
- Previous message: Bjoern A. Zeeb: "compilation with NO_YP_LIBC"
- Maybe in reply to: Ryan Sommers: "Panic from bad length parameter in bind (Possible DOS attack)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
