Bug 25732

Summary: Patch against crash caused by operations with half-binded sockets.
Product: Base System Reporter: Unicorn <Unicorn>
Component: kernAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Unicorn 2001-03-12 11:30:01 UTC 
	If bind() call fails to allocate port due `prison_ip' permission failure,
	socket left in half-binded state (bind returns an error, but doesn't
	undo socket state (in case of failure bind should left
	inp_laddr.s_addr == INADDR_ANY && inp_lport == 0, indicating, that socket
	is NOT yet binded)). In upper case `bind' aborted, left in binded state, 
	but doesn't inserted in hashlists (in_pcbinshash). Any operations with 
	such sockets will cause dereferencing of hash pointers and lead to crash.

Fix: `cvs diff in_pcb.c' follows:
How-To-Repeat: 	In jail with NIS/YP environment type `id some_nis_user'.
Comment 1 Poul-Henning Kamp 2001-03-12 11:43:22 UTC 
Please use "diff -u" and resubmit the patch.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Comment 2 Poul-Henning Kamp freebsd_committer freebsd_triage 2001-03-12 21:23:17 UTC 
State Changed
From-To: open->closed

Please see PR 25751 instead.