Bug 53693

Summary: System crash kernel hang sending data to socket as normal user
Product: [Retired] Red Hat Linux Reporter: Scott Porter <scott>
Component: kernelAssignee: David Miller <davem>
Status: CLOSED CURRENTRELEASE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://www.javascript-games.org/socket_bug/socket_bug.tgz
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-12-18 14:14:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Porter 2001-09-15 12:28:11 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
While testing a java server, I wrote a small C program to send data out to 
a socket. I created a bug, which meant a large amount of data was pushed 
in one write, the data itself didn't exist (pointer error).

The result, which is easily replicated, is a complete system crash, even 
though the program itself is not running as root. Possible exploit? 
Everything stops; network, video, keyboard, disk. No logs are generated so 
far as I can tell.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Download the tarball from the URL I supplied above.
2. Either build the program, or run the included version.
3. Watch everything stop :-)
	

Actual Results:  System crash.

Expected Results:  System running :-) Program should send data out to 
socket. Expected a segfault due to bug.

Additional info:
Comment 1 David Miller 2001-09-20 23:52:53 UTC 
You don't mention which kernel version or rpm you are using.
Nevertheless can you try to reproduce this with our latest
errata kernels?

There was a similar bug like this at one point, and it may be
present in the kernel which shipped in 7.1
Comment 2 Scott Porter 2001-09-21 08:28:16 UTC 
Ok, this is the stock install of RH 7.1. on various hardware (same results on 
each). No changes to the Kernel (normal kernel, not Enterprise or SMP). Apart 
from the Ximian desktop, the install is standard in each case. I'll download 
the errata rpms to test (will take a while, I'm on a modem!)
Comment 3 Michael K. Johnson 2002-01-18 20:11:33 UTC 
Please try updating to the errata release first.  You can use up2date
to do so.