Bug #269
buffer overflow when number of open file descriptors >= FD_SETSIZE
Start date:
2012-01-07
Due date:
% Done:
50%
Estimated time:
Patch Available:
Yes
Found in Versions:
0.7.0 0.8.8
Confirmed:
Yes
Branch:
Security:
Yes
Help Needed:
No
Description
Reported by Julien Tinnes, thanks to him!
Bip doesn't check if fd is equal or larger than FD_SETSIZE.
From select man page:
Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.
Files
History
Updated by Pierre-Louis Bonicoli over 11 years ago
Updated by - File 0001-Buffer-Overflow-check-against-the-implicit-size-of-s.patch 0001-Buffer-Overflow-check-against-the-implicit-size-of-s.patch added
- Subject changed from buffer overflow when number of open file descriptors >= 1024 to buffer overflow when number of open file descriptors >= FD_SETSIZE
- Description updated (diff)
Patch added.
Updated by Pierre-Louis Bonicoli over 11 years ago
As stated by Nohar, server sockets must be checked too !
Updated by Pierre-Louis Bonicoli over 11 years ago
- Status changed from In Progress to Resolved
- Found in Versions changed from 0.8.2 0.8.8 to 0.7.0 0.8.8