inetd crashes VKERNEL
Nicolas Thery
nthery at gmail.com
Sun Jul 6 01:30:00 PDT 2008
2008/7/5 Nicolas Thery <nthery at gmail.com>:
> It looks like so_pru_ctloutput() passes an invalid sopt_val to kfree().
> This code was changed recently:
>
> http://leaf.dragonflybsd.org/mailarchive/commits/2008-06/msg00123.html
>
> There is some pointer arithmetic on sopt_val in soopt_mcopyout() that
> may cause the panic you observe. sopt_val ends up pointing past the
> data copied from the mbuf. Maybe this is intentional as the code is old
> (imported straight from fbsd 4 and is still in fbsd head). This would
> allow appending more data later on. On the other hand, maybe that's a
> bug. Only a networking-savvy person could say.
Forget this, soopt_mcopyout() is called during getsockopt() but the
crash occurred during setsockopt()...