25751 – Patch against crash caused by operations with half-binded sockets.

Bug 25751 - Patch against crash caused by operations with half-binded sockets.

Summary: Patch against crash caused by operations with half-binded sockets.

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	5.0-CURRENT
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2001-03-12 21:20 UTC by Unicorn
Modified:	2001-03-12 21:53 UTC (History)
CC List:	0 users

See Also:

Attachments
file.diff (1.78 KB, patch) 2001-03-12 21:20 UTC, Unicorn	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Unicorn 2001-03-12 21:20:01 UTC

	If bind() call fails to allocate port due `prison_ip' permission failure,
	socket left in half-binded state (bind returns an error, but doesn't
	undo socket state (in case of failure bind should left
	inp_laddr.s_addr == INADDR_ANY && inp_lport == 0, indicating, that socket
	is NOT yet binded)). In upper case `bind' aborted, left in binded state, 
	but doesn't inserted in hashlists (in_pcbinshash). Any operations with 
	such sockets will cause dereferencing of hash pointers and lead to crash.

Fix: `cvs diff -u in_pcb.c' follows:
How-To-Repeat: 	In jail with NIS/YP environment type `id some_nis_user'.

Comment 1 Poul-Henning Kamp freebsd_committer

2001-03-12 21:53:30 UTC

State Changed
From-To: open->closed

committed, thanks!