> i believe you will want to merge this.
> scenario:
> - you are listening to tcp port
> - someone comes in, handshake (SYN, SYNACK, ACK)
> - someone sends RST
> - your server issues accept(2)
> previous behavior: accept(2) returns successful result with zero-
> length sockaddr.
> new behavior: return ECONNABORTED.
>
> effect:
> - if someone runs nmap against your machine, and you are unlucky,
> your server listening to tcp port (like BIND9) can get
> segv/abort due to unexpected zero-length sockaddr + successful
> error return on accept(2).
FYI:
9.1.0 had assert() against sockaddr returned by accept(2). therefore
BIND 9.1.0 will get killed (or go suicide) by remote nmap with
"previous (kernel) behavior" presented above.
(it will only happen you are very unlucky - it is timing issue)
BIND 9.1.1rc1 now includes workaround (no assert).
itojun
> 727. [port] Work around OS bug where accept() succeeds but
> fails to fill in the peer address of the accepted
> connection, by treating it as an error rather than
> an assertion failure. [RT #809]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
