forys@sigi.Colorado.EDU (Jeff Forys) (05/07/87)
Index: sys/netinet/tcp_usrreq.c 4.3BSD (patchlevel 9) FIX Repeat By: ( Since *any* user can execute the code, and since it will crash your 4.3BSD machine, I sent it, and a kernel stack trace, to the security mailing list. Look for it there. ) Description: In routine tcp_ctloutput(), under certain conditions, an attempt is made to free an mbuf when, in fact, it's really trying to free a NULL pointer. As a result, Vaxen crash with a `Protection Fault' -- I assume that other 4.3 machines would be equally unhappy. Fix: Obviously, check for the NULL pointer before trying to free the mbuf. Apply the following patch to "sys/netinet/tcp_usrreq.c". *** /tmp/,RCSt1021830 Thu May 7 01:56:49 1987 --- tcp_usrreq.c Thu May 7 01:55:45 1987 *************** *** 344,350 **** error = EINVAL; break; } ! (void)m_free(m); break; case PRCO_GETOPT: --- 344,351 ---- error = EINVAL; break; } ! if (m != NULL) /* check for NULL pointer (jef 5/7/87) */ ! (void) m_free(m); break; case PRCO_GETOPT: --- Jeff Forys @ UC/Boulder Engineering Research Comp Cntr (303-492-6096) forys@Boulder.Colorado.EDU -or- ..!{hao|nbires}!boulder!forys