From root@Guest.Forest.Od.UA  Sun Oct  8 16:09:58 2000
Return-Path: <root@Guest.Forest.Od.UA>
Received: from Guest.Forest.Od.UA (Guest.Forest.Od.UA [195.138.70.163])
	by hub.freebsd.org (Postfix) with ESMTP id 6C37F37B66E
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  8 Oct 2000 16:09:54 -0700 (PDT)
Received: (from root@localhost)
	by Guest.Forest.Od.UA (8.11.0/8.11.0) id e98MwCE26166;
	Mon, 9 Oct 2000 01:58:12 +0300 (EEST)
	(envelope-from root)
Message-Id: <200010082258.e98MwCE26166@Guest.Forest.Od.UA>
Date: Mon, 9 Oct 2000 01:58:12 +0300 (EEST)
From: Unicorn@Forest.Od.UA
Sender: root@Guest.Forest.Od.UA
Reply-To: Unicorn@Forest.Od.UA
To: FreeBSD-gnats-submit@freebsd.org
Subject: crash, while trying to send udp via half-bound socket from jail
X-Send-Pr-Version: 3.2

>Number:         21845
>Category:       kern
>Synopsis:       crash, while trying to send udp via half-bound socket from jail
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    phk
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 08 16:10:01 PDT 2000
>Closed-Date:    Wed Mar 28 09:55:43 PST 2001
>Last-Modified:  Wed Mar 28 09:55:59 PST 2001
>Originator:     The Winged Unicorn
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Edem
>Environment:

	jail

>Description:

         While adding the jail socket binding limitations, the roll
back before returning an error was missed. `bind' returns an error, but
the socket becomes `half-bound', i.e. laddr was changed to some nonzero
value. When `sendto' is called, the pcb of that socket is processed, but
its list fields are still uninitialized. This leads to a crash in
sendto->...->in_pcbconnect->in_pcbrehash.

>How-To-Repeat:

         Install a jail, a NIS/YP server on the real system serving the
passwd DB, and a NIS/YP client on the jail system using the shared
passwd DB. Log in using a YP account and just type 'id', 'finger', or
whatever.

>Fix:

Apply patch:

cvs diff: Diffing .
Index: in_pcb.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.67
diff -r1.67 in_pcb.c
273c273,274
< 		if (prison_ip(p, 0, &inp->inp_laddr.s_addr ))
---
> 		if (prison_ip(p, 0, &inp->inp_laddr.s_addr )) {
> 			inp->inp_laddr.s_addr = INADDR_ANY; /* roll back */
274a276
> 		}
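Review bot: in the prison_ip() failure branch the rollback hard-codes INADDR_ANY rather than restoring the value inp_laddr held on entry, so the fix is only correct if the address was always unset before this point. Consider validating the requested address in a local variable and storing it into inp->inp_laddr only after every check has passed, which removes the need for cleanup on any error path. Because this is a context-free diff, the statement enclosed by the new braces (old line 274) is not visible; a unified diff would let the reader confirm that it is the error return.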
282c284,285
< 			if (p && (error = suser_xxx(0, p, PRISON_ROOT)))
---
> 			if (p && (error = suser_xxx(0, p, PRISON_ROOT))) {
> 				inp->inp_laddr.s_addr = INADDR_ANY; /* roll back */
283a287
> 			}
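Review bot: this suser_xxx() branch carries a second copy of the same "inp->inp_laddr.s_addr = INADDR_ANY; /* roll back */" line, so every error return added to this function later has to remember a third. A single cleanup label, or deferring the store to inp_laddr until the checks are done, would keep the error paths from drifting apart. The comment would also be more useful if it said what is being undone and why (a failed bind must leave inp_laddr unset).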

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->phk 
Responsible-Changed-By: phk 
Responsible-Changed-When: Mon Dec 18 12:34:03 PST 2000 
Responsible-Changed-Why:  
Jail is my baby. 

Can you send me a "diff -u" instead please ? 


http://www.freebsd.org/cgi/query-pr.cgi?pr=21845 
State-Changed-From-To: open->feedback 
State-Changed-By: phk 
State-Changed-When: Wed Mar 28 07:43:47 PST 2001 
State-Changed-Why:  
Can you confirm this problem is solved now ? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21845 

From:   <unicorn@Forest.Od.UA>
To: phk@FreeBSD.org
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/21845: crash, while trying to send udp via half-bound socket
 from jail
Date: Wed, 28 Mar 2001 20:46:29 +0300 (EEST)

 | Can you confirm this problem is solved now ?
 
 Sure, it seems to be done since thread
 http://www.freebsd.org/cgi/query-pr.cgi?pr=25751 was closed.
 
 Guess, I've missed your first reply on this PR.
 Sorry.
 
 --
 sit benedictum
 
State-Changed-From-To: feedback->closed 
State-Changed-By: phk 
State-Changed-When: Wed Mar 28 09:55:43 PST 2001 
State-Changed-Why:  
reported fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21845 
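
The failure mode described in this PR (an error return from bind that leaves laddr set on a socket whose list fields were never initialized), reduced to a user-space C model. This is an added illustration, not code from the PR or from in_pcb.c; struct toy_pcb, policy_allows() and the addresses are constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define ADDR_ANY 0u            /* stands in for INADDR_ANY */

/* Toy stand-in for a protocol control block; not the kernel's struct inpcb. */
struct toy_pcb {
    uint32_t laddr;            /* local address, ADDR_ANY while unbound */
    int      on_hash_list;     /* set only when bind fully succeeds */
};

/* Hypothetical policy check standing in for the jail address restriction. */
static int policy_allows(uint32_t jail_ip, uint32_t want) {
    return want == ADDR_ANY || want == jail_ip;
}

/* The reported defect: state is written before the check and left behind. */
int bind_no_rollback(struct toy_pcb *p, uint32_t jail_ip, uint32_t want) {
    p->laddr = want;
    if (!policy_allows(jail_ip, want))
        return EINVAL;         /* laddr stays nonzero: "half-bound" */
    p->on_hash_list = 1;
    return 0;
}

/* The shape of the proposed fix: undo the write before returning the error. */
int bind_with_rollback(struct toy_pcb *p, uint32_t jail_ip, uint32_t want) {
    p->laddr = want;
    if (!policy_allows(jail_ip, want)) {
        p->laddr = ADDR_ANY;   /* roll back */
        return EINVAL;
    }
    p->on_hash_list = 1;
    return 0;
}

/* Invariant the send path in this model needs: nonzero laddr implies linkage. */
int pcb_consistent(const struct toy_pcb *p) {
    return p->laddr == ADDR_ANY || p->on_hash_list;
}

int main(void) {
    struct toy_pcb a = {ADDR_ANY, 0}, b = {ADDR_ANY, 0};
    bind_no_rollback(&a, 0x0a000002u, 0x0a000063u);   /* constructed addresses */
    bind_with_rollback(&b, 0x0a000002u, 0x0a000063u);
    printf("no rollback: %d, rollback: %d\n", pcb_consistent(&a), pcb_consistent(&b));
    return 0;
}
```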
>Unformatted:
