[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#129559: libpager robustness

From: Thomas Bushnell, BSG
Subject: Bug#129559: libpager robustness
Date: 17 Jan 2002 10:01:47 -0800
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1

Marcus Brinkmann <address@hidden> writes:

> Neal reported this bug to me a while ago.  If you send an invalid message (a
> message with an unhandled msgid) to a pager, it will miss out on this msg id
> and the seqno stuff doesn't catch up anymore.  The result is a deadlock
> waiting for this msg id when the next valid message is processed.

You betcha.  It is basically assumed (quite unsecurely) that the user
will not be "mean" with the pager port he's given.

> Neal and me agreed on a potential fix for this, the patch is below.  The
> only thing I am uncertain about is what checks need to be done on the msg
> format.  Does the kernel guarantee that the header up to msgh_remote_port
> really exists and is valid?  I'd guess so much, but I didn't verify it.

The kernel guarantees the entire message's format.  (By "is valid"
however, note that there can be various races.  At the time the kernel
arranges the message the reply port is valid, but it might well become
dead at some point after that.  The generic MiG message demuxer which
sends the actual reply messages DTRT for all those cases, however.

I think your patch is a good idea.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]