Project

General

Profile

Actions

Bug #269

closed

buffer overflow when number of open file descriptors >= FD_SETSIZE

Added by Pierre-Louis Bonicoli almost 13 years ago. Updated almost 13 years ago.

Status:
Resolved
Priority:
Urgent
Target version:
-
Start date:
2012-01-07
Due date:
% Done:

50%

Estimated time:
Patch Available:
Yes
Found in Versions:
0.7.0 0.8.8
Confirmed:
Yes
Branch:
Security:
Yes
Help Needed:
No

Description

Reported by Julien Tinnes, thanks to him!

Bip doesn't check if fd is equal or larger than FD_SETSIZE.

From select man page:

Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.


Files

Actions #1

Updated by Pierre-Louis Bonicoli almost 13 years ago

Patch added.

Actions #2

Updated by Pierre-Louis Bonicoli almost 13 years ago

As stated by Nohar, server sockets must be checked too !

Actions #3

Updated by Pierre-Louis Bonicoli almost 13 years ago

  • Status changed from In Progress to Resolved
  • Found in Versions changed from 0.8.2 0.8.8 to 0.7.0 0.8.8
Actions #4

Updated by Pierre-Louis Bonicoli almost 13 years ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF