NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/48098: panic: kernel diagnostic assertion "cred != NULL": sys/kern/kern_auth.c
The following reply was made to PR kern/48098; it has been noted by GNATS.
From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/48098: panic: kernel diagnostic assertion "cred != NULL":
sys/kern/kern_auth.c
Date: Sat, 2 Nov 2013 19:38:03 +0000
sent to "gnats" instead of "gnats-bugs"
------
From: Michael van Elst <mlelstv%serpens.de@localhost>
To: gnats%netbsd.org@localhost
Subject: Re: kern/48098: panic: kernel diagnostic assertion "cred != NULL":
sys/kern/kern_auth.c
Date: Mon, 28 Oct 2013 22:37:32 +0100
Our network code adds new connections to the connection table
in an interrupt and references a socket from this table. The
socket is also added to the accept queue of the listening socket.
At this point the socket has no credentials, but tcpdrop can
find it in the connection table and crash the system by referencing
a NULL pointer.
Index: uipc_socket.c
===================================================================
RCS file: /cvsroot/src/sys/kern/uipc_socket.c,v
retrieving revision 1.219
diff -u -r1.219 uipc_socket.c
--- uipc_socket.c 17 Oct 2013 20:57:06 -0000 1.219
+++ uipc_socket.c 28 Oct 2013 21:26:12 -0000
@@ -416,7 +416,7 @@
/* Normal users can only drop their own connections. */
struct socket *so = (struct socket *)arg1;
- if (proc_uidmatch(cred, so->so_cred) == 0)
+ if (so->so_cred != NULL && proc_uidmatch(cred, so->so_cred) ==
0)
result = KAUTH_RESULT_ALLOW;
break;
This patch should prevent tcpdrop from crashing the system. Since the
not accepted socket has no credentials, the connection can only be
dropped by the superuser.
Greetings,
--
Michael van Elst
Internet: mlelstv%serpens.de@localhost
"A potential Snark may lurk in every tree."
Home |
Main Index |
Thread Index |
Old Index