inetd crashes VKERNEL

Nicolas Thery nthery at gmail.com
Sun Jul 6 01:30:00 PDT 2008


2008/7/5 Nicolas Thery <nthery at gmail.com>:
> It looks like so_pru_ctloutput() passes an invalid sopt_val to kfree().
> This code was changed recently:
>
> http://leaf.dragonflybsd.org/mailarchive/commits/2008-06/msg00123.html
>
> There is some pointer arithmetic on sopt_val in soopt_mcopyout() that may
> cause the panic you observe. sopt_val ends up pointing past the data
> copied from the mbuf. Maybe this is intentional as the code is old
> (imported straight from fbsd 4 and is still in fbsd head). This would
> allow appending more data later on. On the other hand, maybe that's a bug.
> Only a networking-savvy person could say.

Forget this, soopt_mcopyout() is called during getsockopt() but the
crash occurred during setsockopt()...




