Re: Easy DoS

From: Kostik Belousov <kostikbel_at_gmail.com>
Date: Fri, 16 Dec 2005 17:10:16 +0200

On Fri, Dec 16, 2005 at 02:34:48PM +0100, Csaba Henk wrote:
> Do
> 
> echo 'main() { write(1, 0, 1); }' > edos.c
> gcc -o edos edos.c
> ./edos | cat
> 
> ... and now the edos process gets stuck in the write syscall, unkillably,
> keeping the CPU spinning. (Seen on my 6.0-RELEASE and 7.0-CURRENT boxen.)
> 
> Is it a bug or a feature?
> 
> Csaba

Sure, it is a bug :).

Please, try the following patch (against 7-CURRENT,
shall work for 6-STABLE too):

--- src-pristine/sys/kern/sys_pipe.c    Mon Jul 11 11:33:58 2005
+++ src-quotas/sys/kern/sys_pipe.c      Fri Dec 16 17:03:01 2005
_at__at_ -1176,6 +1176,8 _at__at_
                                        ("Pipe buffer overflow"));
                        }
                        pipeunlock(wpipe);
+                       if (error != 0)
+                               break;
                } else {
                        /*
                         * If the "read-side" has been blocked, wake it up now.
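
Review bot: The added `if (error != 0) break;` after `pipeunlock(wpipe)` carries no comment saying which failure it handles or why leaving the loop is required here. Since the reported reproducer passes a null buffer to write(), a one-line comment stating that a failed copy into the pipe buffer must end the write loop instead of retrying would make the intent clear to later readers. The placement after `pipeunlock(wpipe)` means the pipe lock is already released when the loop exits, which is correct. The hunk does not show the code following the loop, so please confirm that it returns `error` to the caller when nothing was written and that the `else` branch starting in the trailing context cannot reach the same retry state with `error` set.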

Best regards,
Kostik Belousov

Received on Fri Dec 16 2005 - 14:10:46 UTC
