Recent full disclosure post - Local DOS
Christian Peron
csjp at freebsd.org
Sat Jan 29 00:50:16 UTC 2011
On Fri, Jan 28, 2011 at 02:27:18PM -0500, John Baldwin wrote:
[..]
> ===================================================================
> --- tcp_usrreq.c (revision 218018)
> +++ tcp_usrreq.c (working copy)
> @@ -1330,7 +1330,8 @@ tcp_ctloutput(struct socket *so, struct sockopt *s
> tp->t_flags |= TF_NOPUSH;
> else {
> tp->t_flags &= ~TF_NOPUSH;
> - error = tcp_output(tp);
> + if (TCPS_HAVEESTABLISHED(tp->t_state))
> + error = tcp_output(tp);
> }
> INP_WUNLOCK(inp);
> break;
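Review bot: The new TCPS_HAVEESTABLISHED(tp->t_state) guard in the else branch carries no comment saying why tcp_output() must not be called before the connection is established; a one-line comment at that check would keep a later cleanup from dropping it. Also, when the guard is false, error keeps whatever value it had before this branch, so it is worth confirming that it is initialised earlier in tcp_ctloutput(), which these lines do not show.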
I was thinking of correcting it the same way.. I might even do something
like:
	else {
		if (tp->t_flags & TF_NOPUSH) {
			tp->t_flags &= ~TF_NOPUSH;
			if (TCPS_HAVEESTABLISHED(tp->t_state))
				error = tcp_output(tp);
		}
	}
By default, this mask is not set.. so un-setting it and calling tcp_output()
if it was not already set seems wasteful.
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments