Vulnerability Development mailing list archives
FreeBSD listen() again
From: 3APA3A () SECURITY NNOV RU (3APA3A)
Date: Sat, 30 Oct 1999 17:08:52 +0400
Hello vulN-DEV@,

I wasn't right in defining the problem for backlog in listen(), as was correctly pointed out by Sebastian <scut () nb in-berlin de>:

-=-=-=-=-
For some unknown reasons Berkeley-derived implementations multiply backlog by 1.5. (backlog = 5 will turn to 8 for example).
-=-=-=-=-

It seems the real queue length is counted as backlog + (backlog+1)>>1; that's why listen(sock, 1) will never work as it should. It will allow 2 connections to be established. This holds for both FreeBSD 2.2.x and 3.x, so the problem is even deeper.
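To check the arithmetic in the message above against a live system, this added example (not part of the original post) compares the post's expression with the number of loopback connections a listener completes while it never calls accept(). The names `bsd_queue_len` and `measure_queue_len`, the 300 ms timeout and the loopback setup are assumptions of the example, and the measured value reflects whatever kernel runs it, which may apply a different rule than the one described for FreeBSD.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* The post's expression, parenthesized so that backlog 5 gives 8 as quoted. */
int bsd_queue_len(int backlog) { return backlog + ((backlog + 1) >> 1); }

/* Count loopback connections that complete while the server never calls
 * accept(). Returns -1 if the listener cannot be set up. */
int measure_queue_len(int backlog, int max_tries, int timeout_ms) {
    struct sockaddr_in a = {0};
    socklen_t alen = sizeof a;
    int fds[64], n = 0, done = 0;
    int srv = socket(AF_INET, SOCK_STREAM, 0);
    if (srv < 0) return -1;
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (bind(srv, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(srv, backlog) < 0 ||
        getsockname(srv, (struct sockaddr *)&a, &alen) < 0) {
        close(srv);
        return -1;
    }
    while (n < max_tries && n < 64) {
        int err = 0, c = socket(AF_INET, SOCK_STREAM, 0);
        socklen_t elen = sizeof err;
        if (c < 0) break;
        fds[n++] = c;
        fcntl(c, F_SETFL, O_NONBLOCK);
        struct pollfd p = { .fd = c, .events = POLLOUT };
        if (connect(c, (struct sockaddr *)&a, sizeof a) < 0 &&
            (errno != EINPROGRESS || poll(&p, 1, timeout_ms) <= 0 ||
             getsockopt(c, SOL_SOCKET, SO_ERROR, &err, &elen) < 0 || err))
            break; /* refused or still pending: the queue is full */
        done++;
    }
    while (n > 0) close(fds[--n]);
    close(srv);
    return done;
}

int main(void) {
    for (int b = 1; b <= 5; b++)
        printf("backlog=%d formula=%d measured=%d\n", b, bsd_queue_len(b),
               measure_queue_len(b, 16, 300));
    return 0;
}
```

A measured value above the requested backlog means a service that relies on listen(sock, 1) to admit one pending client needs its own limit after accept().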