Date: Wed, 30 Mar 2005 04:40:06 GMT From: Maxim Konovalov <maxim@macomnet.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/79342: When looking for an unused port number for bind or connect, if low & high port range are equal, kernel can trap in divide by zero error Message-ID: <200503300440.j2U4e6Bm066144@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/79342; it has been noted by GNATS. From: Maxim Konovalov <maxim@macomnet.ru> To: Anjali Kulkarni <anjali@juniper.net> Cc: silby@freebsd.org, bug-followup@freebsd.org Subject: Re: kern/79342: When looking for an unused port number for bind or connect, if low & high port range are equal, kernel can trap in divide by zero error Date: Wed, 30 Mar 2005 08:37:19 +0400 (MSD) Hi, > >Synopsis: When looking for an unused port number for bind or > >connect, if low & high port range are equal, kernel can trap in > >divide by zero error [...] > >Release: 4.10 [...] > In src/sys/netinet/in_pcb.c, in the function in_pcbbind(), when > trying to find an unused port number in the range of ports allowed > to be used, there are cases to handle upper port limit > lower port > limit and upper port limit < lower port limit, but no case to handle > when they are equal. Consequently, if they are equal, the kernel > will have a divide by zero trap when the line *lastport = first - > (arc4random() % (first - last)) OR the line *lastport = first + > (arc4random() % (last - first)) is executed, where first and last > are the port ranges in which we check for an unused port number. > > >How-To-Repeat: > > set > > net.inet.ip.portrange.first = net.inet.ip.portrange.last. (say 1024) Just a note the bug is appeared with net.inet.ip.portrange.randomized=1 only. I think we need to stop doing random port allocation if last - first delta is ridiculous small. -- Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503300440.j2U4e6Bm066144>