#4770 closed bug (fixed)
How to crash Haiku (KDL via recv() function)
| Reported by: | rogueeve | Owned by: | nobody |
|---|---|---|---|
| Priority: | normal | Milestone: | R1 |
| Component: | Network & Internet/Stack | Version: | R1/alpha1 |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
| Platform: | All | | |
Description
Hi all...
The attached .cpp program will reproducibly cause a KDL under hrev33411. The crash is initiated by passing a bad pointer as the buffer argument to the Berkeley recv() function. The exact error displayed is "Page fault in kernel space".
This is a distilled version of a bug I found in one of my real programs. In that case it was caused by recv()'ing into a variable but forgetting to include the "&".
Of course calling recv() this way is incorrect, but I assume bringing down the whole system is not an "acceptable" response.
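As an added regression check (this is not the ticket's attached .cpp), the following C program exercises the case described above on a POSIX socket pair and reports whether recv() returns -1 with errno EFAULT, which is the behaviour a correct stack should show instead of faulting in the kernel. The invalid address is a constructed, unmapped value.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed unmapped address standing in for the bad buffer pointer. */
#define BAD_BUFFER ((void *)0x1)

/* Create a connected socket pair and queue one byte on fds[1], so that a
 * recv() on fds[0] has data and must write into the caller's buffer. */
static int make_pair_with_byte(int fds[2])
{
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0)
        return -1;
    if (send(fds[1], "x", 1, 0) != 1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    return 0;
}

/* Returns 1 if recv() rejects the bad pointer with -1/EFAULT, 0 if it does
 * anything else, -1 on setup failure. On the unfixed stack this call never
 * returned at all, because the kernel faulted. */
int recv_rejects_bad_pointer(void)
{
    int fds[2];
    if (make_pair_with_byte(fds) != 0)
        return -1;
    errno = 0;
    ssize_t n = recv(fds[0], BAD_BUFFER, 1, 0);
    int saved = errno;
    close(fds[0]);
    close(fds[1]);
    return (n == -1 && saved == EFAULT) ? 1 : 0;
}

/* Control case: the same recv() with a valid buffer must deliver the byte. */
int recv_accepts_valid_buffer(void)
{
    int fds[2];
    char c = 0;
    if (make_pair_with_byte(fds) != 0)
        return -1;
    ssize_t n = recv(fds[0], &c, 1, 0);
    close(fds[0]);
    close(fds[1]);
    return (n == 1 && c == 'x') ? 1 : 0;
}

int main(void)
{
    printf("bad pointer rejected: %d\n", recv_rejects_bad_pointer());
    printf("valid buffer works:   %d\n", recv_accepts_valid_buffer());
    return 0;
}
```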
Attachments (2)
Change History (8)
follow-up: 2 comment:1 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in hrev33564. Thanks for the nice test case!
comment:2 by , 15 years ago
Component: | - General → Network & Internet/Stack |
---|
I applied this patch to my kernel, jammed, and the test program still KDLs the system.
The binary that needs to be updated would be "kernel_x86", correct? This is what I would assume, and is what jam rebuilt after I applied the patch.
I also attempted to do a complete re-build and fresh dd the resulting image, but the latest SVN (hrev33565) seems to have a bunch of other issues that prevent it from booting on my system; both natively and under QEMU, I was unable to get it to make it to the desktop.
comment:3 by , 15 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
(forgot to check the reopen button)
I guess I'll re-open since I can't reproduce the fix as working. I'd feel more confident about saying this if I was able to boot the full re-build to make absolutely sure, but the patch on its own did not work for me, anyway, and I don't see any reason why it shouldn't have.
follow-up: 5 comment:4 by , 15 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
You need to replace the network stack, not the kernel, so this would be "stack" in this case. I'll close the bug again until you have properly tested this.
comment:5 by , 15 years ago
Sorry for my ignorance as to the organization. I replaced "/boot/system/add-ons/kernel/network/stack" and now the behavior is simply that recv returns -1. Thanks for the pointer.
comment:6 by , 15 years ago
No problem, it's always annoying when the build is broken. Luckily, I'm responsible for this half of the time, so I don't notice it myself ;-)
(warning: this program causes an immediate KDL, run "sync" first to avoid lost data)