Date:      Thu, 08 Feb 2001 13:28:55 +0900
From:      itojun@iijlab.net
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        net@freebsd.org, security-officer@freebsd.org
Subject:   Re: [itojun@iijlab.net: accept(2) behavior with tcp RST right after handshake]
Message-ID:  <12239.981606535@coconut.itojun.org>
In-Reply-To: kris's message of Wed, 07 Feb 2001 10:14:18 PST. <20010207101417.A28791@mollari.cthul.hu>


>	i believe you will want to merge this.
>	scenario:
>	- you are listening on a tcp port
>	- someone comes in, handshake (SYN, SYNACK, ACK)
>	- someone sends RST
>	- your server issues accept(2)
>	previous behavior: accept(2) returns a successful result with a zero-
>		length sockaddr.
>	new behavior: return ECONNABORTED.
>
>	effect:
>	- if someone runs nmap against your machine, and you are unlucky,
>	  your server listening on a tcp port (like BIND9) can get a
>	  segv/abort due to the unexpected zero-length sockaddr + successful
>	  error return on accept(2).

	FYI:

	9.1.0 had an assert() against the sockaddr returned by accept(2).  therefore
	BIND 9.1.0 will get killed (or commit suicide) by a remote nmap with the
	"previous (kernel) behavior" presented above.
	(it will only happen if you are very unlucky - it is a timing issue)

	BIND 9.1.1rc1 now includes a workaround (no assert).

itojun


> 727.   [port]          Work around OS bug where accept() succeeds but
>                        fails to fill in the peer address of the accepted
>                        connection, by treating it as an error rather than
>                        an assertion failure. [RT #809]
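
As an added example (not code from this thread, from BIND, or from the FreeBSD kernel), here is an accept(2) loop that tolerates both kernel behaviours discussed above: the old one, where accept() succeeds but hands back a zero-length peer address, and the new one, where it fails with ECONNABORTED. Neither case is allowed to reach an assert. The function names classify_accept, accept_robust and classify_ipv4_result, the verdict enum, and the set of errno values treated as transient are my own choices; the IPv4 sample address used to exercise the classifier is constructed.

```c
/* Added example: a robust accept(2) loop for the RST-after-handshake race.
 * Not the code of BIND or of any kernel; names and error set are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

enum accept_verdict {
    ACCEPT_OK,     /* usable connection with a sane peer address */
    ACCEPT_RETRY,  /* connection aborted before/at accept: drop it and call accept again */
    ACCEPT_NONE,   /* non-blocking listener, nothing queued: go back to poll/select */
    ACCEPT_FATAL   /* the listening socket itself is unusable (EBADF, EINVAL, ...) */
};

/* Smallest sockaddr length that makes a peer address of this family usable. */
static socklen_t min_sockaddr_len(int family)
{
    switch (family) {
    case AF_INET:  return (socklen_t)sizeof(struct sockaddr_in);
    case AF_INET6: return (socklen_t)sizeof(struct sockaddr_in6);
    default:       return 0;   /* not a TCP/IP peer address we know how to use */
    }
}

/* Classify one accept(2) result.  rc is accept()'s return value, err is errno
 * when rc < 0, sa/len are the peer address and length accept() filled in.
 * sa is never dereferenced beyond what len guarantees is present. */
enum accept_verdict classify_accept(int rc, int err, const struct sockaddr *sa, socklen_t len)
{
    if (rc < 0) {
        switch (err) {
        case ECONNABORTED:  /* peer RST before accept: the "new behavior" above */
        case EPROTO:        /* Linux reports some pending network errors this way */
        case EINTR:
            return ACCEPT_RETRY;
        case EAGAIN:
            return ACCEPT_NONE;
        default:
            return ACCEPT_FATAL;
        }
    }
    /* The "previous behavior": success, but a zero-length (or truncated) address.
     * Treat it exactly like an aborted connection instead of asserting on it. */
    if (len < (socklen_t)sizeof(sa->sa_family))
        return ACCEPT_RETRY;
    {
        socklen_t need = min_sockaddr_len(sa->sa_family);
        if (need == 0 || len < need)
            return ACCEPT_RETRY;
    }
    return ACCEPT_OK;
}

/* accept() wrapper: returns a connected fd with *lenp set to a validated
 * peer-address length, or -1 with errno set (EAGAIN for "nothing queued"). */
int accept_robust(int lfd, struct sockaddr_storage *ss, socklen_t *lenp)
{
    for (;;) {
        socklen_t len = (socklen_t)sizeof(*ss);
        memset(ss, 0, sizeof(*ss));
        int fd = accept(lfd, (struct sockaddr *)ss, &len);
        int saved = errno;
        switch (classify_accept(fd, saved, (const struct sockaddr *)ss, len)) {
        case ACCEPT_OK:
            *lenp = len;
            return fd;
        case ACCEPT_RETRY:
            if (fd >= 0)
                close(fd);   /* got a descriptor but no peer: discard it */
            continue;
        case ACCEPT_NONE:
        case ACCEPT_FATAL:
            errno = saved;
            return -1;
        }
    }
}

/* Test helper (no network needed): a well-formed IPv4 peer address reported
 * by a "successful" accept() with the given length. */
enum accept_verdict classify_ipv4_result(socklen_t reported_len)
{
    struct sockaddr_in in4;   /* constructed sample, not a captured address */
    memset(&in4, 0, sizeof(in4));
    in4.sin_family = AF_INET;
    return classify_accept(3, 0, (const struct sockaddr *)&in4, reported_len);
}

int main(void)
{
    /* Show the two shapes of the race as the classifier sees them. */
    printf("success, zero-length sockaddr -> %s\n",
           classify_ipv4_result(0) == ACCEPT_RETRY ? "retry (not an assert)" : "ok");
    printf("ECONNABORTED                  -> %s\n",
           classify_accept(-1, ECONNABORTED, NULL, 0) == ACCEPT_RETRY ? "retry" : "fatal");
    return 0;
}
```

The important design point is that a short or zero address length is treated the same as ECONNABORTED: the descriptor (if any) is closed and the loop continues, so a remote scanner that wins the timing race costs the server one spurious accept rather than a crash. EAGAIN is deliberately not retried in the loop, since on a non-blocking listener that would spin; it is returned to the caller's poll loop instead.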


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12239.981606535>