DragonFly bugs List (threaded) for 2008-07
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
Re: inetd crashes VKERNEL
| From: | "Nicolas Thery" <nthery@xxxxxxxxx> |
| Date: | Sun, 6 Jul 2008 10:26:15 +0200 |
2008/7/5 Nicolas Thery <nthery@gmail.com>: > It looks like so_pru_ctloutput() passes an invalid sopt_val to > kfree(). This code was changed > recently: > > http://leaf.dragonflybsd.org/mailarchive/commits/2008-06/msg00123.html > > There is some pointer arithmetic on sopt_val in soopt_mcopyout() that > may cause the panic you > observe. sopt_val ends up pointing past the data copied from the > mbuf. Maybe this is > intentional as the code is old (imported straight from fbsd 4 and is > still in fbsd head). This > would allow to append more data later on. On the other hand, maybe > that's a bug. Only a > networking savvy person could say. Forget this, soopt_mcopyout() is called during getsockopt() but the crash ocurred during setsockopt()...
- Follow-Ups:
- Re: inetd crashes VKERNEL
- From: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>
- Re: inetd crashes VKERNEL
- References:
- inetd crashes VKERNEL
- From: Thomas Nikolajsen <thomas.nikolajsen@mail.dk>
- Re: inetd crashes VKERNEL
- From: "Nicolas Thery" <nthery@gmail.com>
- inetd crashes VKERNEL
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]