kern/79342: When looking for an unused port number for bind or
connect, if low & high port range are equal, kernel can trap in divide by
zero error
Maxim Konovalov
maxim at macomnet.ru
Tue Mar 29 20:40:06 PST 2005
The following reply was made to PR kern/79342; it has been noted by GNATS.
From: Maxim Konovalov <maxim at macomnet.ru>
To: Anjali Kulkarni <anjali at juniper.net>
Cc: silby at freebsd.org, bug-followup at freebsd.org
Subject: Re: kern/79342: When looking for an unused port number for bind or
connect, if low & high port range are equal, kernel can trap in divide by
zero error
Date: Wed, 30 Mar 2005 08:37:19 +0400 (MSD)
Hi,
> >Synopsis: When looking for an unused port number for bind or
> >connect, if low & high port range are equal, kernel can trap in
> >divide by zero error
[...]
> >Release: 4.10
[...]
> In src/sys/netinet/in_pcb.c, in the function in_pcbbind(), when
> trying to find an unused port number in the range of ports allowed
> to be used, there are cases to handle upper port limit > lower port
> limit and upper port limit < lower port limit, but no case to handle
> when they are equal. Consequently, if they are equal, the kernel
> will have a divide by zero trap when the line *lastport = first -
> (arc4random() % (first - last)) OR the line *lastport = first +
> (arc4random() % (last - first)) is executed, where first and last
> are the port ranges in which we check for an unused port number.
>
> >How-To-Repeat:
>
> set
>
> net.inet.ip.portrange.first = net.inet.ip.portrange.last. (say 1024)
Just a note the bug is appeared with
net.inet.ip.portrange.randomized=1 only.
I think we need to stop doing random port allocation if last - first
delta is ridiculous small.
--
Maxim Konovalov
More information about the freebsd-bugs
mailing list