Project

General

Profile

Actions
Copy link

Bug #269

closed

buffer overflow when number of open file descriptors >= FD_SETSIZE

Added by Pierre-Louis Bonicoli almost 12 years ago. Updated over 11 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Pierre-Louis Bonicoli
Target version:
-
Start date:
2012-01-07
Due date:
% Done:

50%

Estimated time:
Patch Available:
Yes
Found in Versions:
0.7.0 0.8.8
Confirmed:
Yes
Branch:
Security:
Yes
Help Needed:
No

Description

Reported by Julien Tinnes, thanks to him!

Bip doesn't check if fd is equal or larger than FD_SETSIZE.

From select man page:

Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.

Files

0001-Buffer-Overflow-check-against-the-implicit-size-of-s.patch (1.64 KB) 0001-Buffer-Overflow-check-against-the-implicit-size-of-s.patch Pierre-Louis Bonicoli, 2012-01-07 11:45
Actions
Copy link
 #1

Updated by Pierre-Louis Bonicoli almost 12 years ago

Patch added.

Actions
Copy link
 #2

Updated by Pierre-Louis Bonicoli almost 12 years ago

As stated by Nohar, server sockets must be checked too !

Actions
Copy link
 #3

Updated by Pierre-Louis Bonicoli almost 12 years ago

  • Status changed from In Progress to Resolved
  • Found in Versions changed from 0.8.2 0.8.8 to 0.7.0 0.8.8
Actions
Copy link
 #4

Updated by Pierre-Louis Bonicoli almost 12 years ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF