Re: Easy DoS

From: Fabian Keil <freebsd-listen_at_fabiankeil.de>
Date: Fri, 16 Dec 2005 17:26:43 +0100
Kostik Belousov <kostikbel_at_gmail.com> wrote:

> On Fri, Dec 16, 2005 at 02:34:48PM +0100, Csaba Henk wrote:
> > Do
> > 
> > echo 'main() { write(1, 0, 1); }' > edos.c
> > gcc -o edos edos.c
> > ./edos | cat
> > 
> > ... and now the edos process gets stuck in the write syscall,
> > unkillably, keeping the CPU spinning. (Seen on my 6.0-RELEASE and
> > 7.0-CURRENT boxen.)
> > 
> > Is it a bug or a feature?
> > 
> > Csaba
> 
> Sure, it is a bug :).
> 
> Please, try the following patch (against 7-CURRENT,
> shall work for 6-STABLE too):
> 
> --- src-pristine/sys/kern/sys_pipe.c    Mon Jul 11 11:33:58 2005
> +++ src-quotas/sys/kern/sys_pipe.c      Fri Dec 16 17:03:01 2005
> _at__at_ -1176,6 +1176,8 _at__at_
>                                         ("Pipe buffer overflow"));
>                         }
>                         pipeunlock(wpipe);
> +                       if (error != 0)
> +                               break;
>                 } else {
>                         /*
>                          * If the "read-side" has been blocked, wake
> it up now.

The patch fixed the bug for 5.4-STABLE.

Fabian
-- 
http://www.fabiankeil.de/

Received on Fri Dec 16 2005 - 15:27:20 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:49 UTC