Panic from bad length parameter in bind (Possible DOS attack)

Pawel Jakub Dawidek pjd at
Tue Apr 6 09:35:54 PDT 2004

On Sat, Apr 03, 2004 at 02:21:08PM -0700, Ryan Sommers wrote:
+> Whenever I supply a length of 4 as the final bind parameter I get the
+> following panic. Looks like bind returns fine, however, when the program
+> exits it stumbles over some mutex associated with the descriptor. The
+> mutex passed to mtx_destroy() has MTX_RECURSED set. I attempted to find
+> where the call to bind was clobbering the mutex but couldn't. I attached
+> the simple program to exploit this. I was able to do it as a regular user.

Yes, could you try this patch:

Pawel Jakub Dawidek             
pjd at                 
FreeBSD committer                         Am I Evil? Yes, I Am!