cvs commit: src/sys/sys socketvar.h src/sys/kern uipc_socket.c
Robert Drehmel
robert at FreeBSD.org
Thu Jul 17 16:49:12 PDT 2003
robert 2003/07/17 16:49:10 PDT
FreeBSD src repository
Modified files:
sys/sys socketvar.h
sys/kern uipc_socket.c
Log:
To avoid a kernel panic provoked by a NULL pointer dereference,
do not clear the `sb_sel' member of the sockbuf structure
while invalidating the receive sockbuf in sorflush(), called
from soshutdown().
The panic was reproduceable from user land by attaching a knote
with EVFILT_READ filters to a socket, disabling further reads
from it using shutdown(2), and then closing it. knote_remove()
was called to remove all knotes from the socket file descriptor
by detaching each using its associated filterops' detach call-
back function, sordetach() in this case, which tried to remove
itself from the invalidated sockbuf's klist (sb_sel.si_note).
PR: kern/54331
Revision Changes Path
1.153 +7 -1 src/sys/kern/uipc_socket.c
1.104 +1 -0 src/sys/sys/socketvar.h
More information about the cvs-src
mailing list