Recent full disclosure post - Local DOS

Egoitz Aurrekoetxea Aurre egoitz at ramattack.net
Thu Feb 3 16:35:30 UTC 2011


Hi all,

So then, this just crashes in current?? else... is it known which kernel nic drivers cause this?. I have attempted to crash a 8.1-release on vmware fusion virtual machine without success...

Thanks a lot!,
Bye!


El 31/01/2011, a las 23:40, Lawrence Stewart escribió:

> On 01/29/11 11:30, Christian Peron wrote:
>> On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
>> [..]
>>> ===================================================================
>>> --- tcp_usrreq.c	(revision 218018)
>>> +++ tcp_usrreq.c	(working copy)
>>> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct sockopt *s
>>> 				tp->t_flags |= TF_NOPUSH;
>>> 			else {
>>> 				tp->t_flags &= ~TF_NOPUSH;
>>> -				error = tcp_output(tp);
>>> +				if (TCPS_HAVEESTABLISHED(tp->t_state))
>>> +					error = tcp_output(tp);
>>> 			}
>>> 			INP_WUNLOCK(inp);
>>> 			break;
>> 
>> I was thinking of correcting it the same way.. I might even do something
>> like:
>> 
>> 	else {
>> 		if (tp->t_flags & TF_NOPUSH) {
>> 			tp->t_flags &= ~TF_NOPUSH;
>> 			if (TCPS_HAVEESTABLISHED(tp->t_state))
>> 				error = tcp_output(tp);
>> 		}
>> 	}
>> 
>> By default, this mask is not set.. so un-setting it and calling tcp_output() 
>> if it was not already set seems wasteful
> 
> Apologies for tuning in late, but FWIW I concur and think the above
> patch is appropriate.
> 
> Cheers,
> Lawrence
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"



More information about the freebsd-security mailing list