Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#4770 closed bug (fixed)

How to crash Haiku (KDL via recv() function)

Reported by: rogueeve
Owned by: nobody
Priority: normal
Milestone: R1
Component: Network & Internet/Stack
Version: R1/alpha1
Keywords:
Cc:
Blocked By:
Blocking:
Has a Patch: no
Platform: All

Description

Hi all...

The attached .cpp program will reproducibly cause a KDL under hrev33411. The crash is initiated by passing a bad pointer as the buffer argument to the Berkeley recv() function. The exact error displayed is "Page fault in kernel space".

This is a distilled version of a bug I found in one of my real programs. In that case it was caused by recv()'ing into a variable but forgetting to include the "&".

Of course calling recv() this way is incorrect, but I assume bringing down the whole system is not an "acceptable" response.

Attachments (2)

kdl.zip (7.0 KB ) - added by rogueeve 10 years ago.
(warning: this program causes an immediate KDL, run "sync" first to avoid lost data)
kdl.cpp (4.4 KB ) - added by rogueeve 10 years ago.
the source alone for browsing online


Change History (8)

by rogueeve, 10 years ago

Attachment: kdl.zip added

(warning: this program causes an immediate KDL, run "sync" first to avoid lost data)

by rogueeve, 10 years ago

Attachment: kdl.cpp added

the source alone for browsing online

comment:1 by mmlr, 10 years ago

Resolution: fixed
Status: new → closed

Fixed in hrev33564. Thanks for the nice test case!

comment:2 by rogueeve, 10 years ago (in reply to: 1)

Component: - General → Network & Internet/Stack

I applied this patch to my kernel, jammed, and the test program still KDLs the system.

The binary that needs to be updated would be "kernel_x86", correct? This is what I would assume, and is what jam rebuilt after I applied the patch.

I also attempted to do a complete re-build and fresh dd the resulting image, but the latest SVN (hrev33565) seems to have a bunch of other issues that prevent it from booting on my system: both natively and under QEMU, I was unable to get it to make it to the desktop.

comment:3 by rogueeve, 10 years ago

Resolution: fixed
Status: closed → reopened

(forgot to check the reopen button)

I guess I'll re-open since I can't reproduce the fix as working. I'd feel more confident about saying this if I was able to boot the full re-build to make absolutely sure, but the patch on its own did not work for me, anyway, and I don't see any reason why it shouldn't have.

comment:4 by axeld, 10 years ago

Resolution: fixed
Status: reopened → closed

You need to replace the network stack, not the kernel, so this would be "stack" in this case. I'll close the bug again until you have properly tested this.

comment:5 by rogueeve, 10 years ago (in reply to: 4)

Sorry for my ignorance as to the organization. I replaced "/boot/system/add-ons/kernel/network/stack" and now the behavior is simply that recv returns -1. Thanks for the pointer.
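The mistake described in this ticket (a recv() whose buffer argument is not a valid user address) and the behaviour a correct stack must give (recv() fails with -1 and errno EFAULT instead of faulting in the kernel), as an added example that is not the ticket's kdl.cpp attachment nor Haiku's own code. It assumes a POSIX system with AF_UNIX socketpair(); the payload and the bogus address 0x1234 are constructed for the demonstration.

```c
#include <errno.h>
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>

/* Push a few bytes through an AF_UNIX socketpair and recv() them into `dst`,
 * so the kernel really has to copy into the caller's buffer. Returns recv()'s
 * result; *err receives errno on failure, 0 on success. */
static ssize_t recv_into(void *dst, size_t len, int *err)
{
    int sv[2];
    const char payload[] = "haiku";   /* constructed sample payload, 6 bytes */
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) {
        *err = errno;
        return -1;
    }
    if (send(sv[0], payload, sizeof(payload), 0) != (ssize_t)sizeof(payload)) {
        *err = errno;
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    n = recv(sv[1], dst, len, 0);
    *err = (n < 0) ? errno : 0;
    close(sv[0]);
    close(sv[1]);
    return n;
}

/* Correct call: the buffer argument is the address of a local array. */
static ssize_t recv_correct_len(void)
{
    int err;
    char buf[16];
    return recv_into(buf, sizeof(buf), &err);   /* 6 bytes received */
}

/* The ticket's bug class: the "buffer" is not an address of mapped user
 * memory (a missing "&" passes whatever the variable held). The value is
 * constructed here. A correct kernel refuses the copy and reports EFAULT;
 * the hrev33411 stack faulted on it instead. Returns 1 if rejected cleanly. */
static int bad_pointer_rejected(void)
{
    int err;
    void *bogus = (void *)(uintptr_t)0x1234;    /* never a mapped address */
    ssize_t n = recv_into(bogus, 16, &err);
    return n == -1 && err == EFAULT;
}
```

The second function is the check a reporter wants after swapping in the fixed stack: the call must fail with EFAULT rather than bring the machine into KDL.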

comment:6 by axeld, 10 years ago

No problem, it's always annoying when the build is broken. Luckily, I'm responsible for this half of the time, so I don't notice it myself ;-)
