Bug #269

buffer overflow when number of open file descriptors >= FD_SETSIZE

Added by Pierre-Louis Bonicoli over 11 years ago. Updated over 11 years ago.

Status: Resolved
Priority: Urgent
Target version: -
Start date: 2012-01-07
Due date:
% Done: 50%
Estimated time:
Patch Available: Yes
Found in Versions: 0.7.0 0.8.8
Confirmed: Yes
Branch:
Security: Yes
Help Needed: No

Description

Reported by Julien Tinnes, thanks to him!

Bip doesn't check if fd is equal to or larger than FD_SETSIZE.

From the select man page:

Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.


History

#1

Updated by Pierre-Louis Bonicoli over 11 years ago

Patch added.

#2

Updated by Pierre-Louis Bonicoli over 11 years ago

As stated by Nohar, server sockets must be checked too!

#3

Updated by Pierre-Louis Bonicoli over 11 years ago

  • Status changed from In Progress to Resolved
  • Found in Versions changed from 0.8.2 0.8.8 to 0.7.0 0.8.8

#4

Updated by Pierre-Louis Bonicoli over 11 years ago

  • Private changed from Yes to No
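
One way to enforce the range check this report calls for, applied to listening sockets as well as client connections as comment #2 requires. This is an added example, not Bip's patch or code from the project; `fd_fits_select` and `build_read_set` are hypothetical names, and the descriptor numbers in `main` are constructed, nothing is opened:

```c
/* Added example, not Bip's patch. Function names are hypothetical. */
#include <stdio.h>
#include <sys/select.h>

/* 1 if fd may be passed to FD_SET/FD_CLR/FD_ISSET, else 0. */
static int fd_fits_select(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/*
 * Build the read set for select() from listening and connected sockets
 * alike. Descriptors that do not fit are skipped and copied to
 * rejected[] (which must hold n entries) so the caller can close() them
 * instead of writing past the end of the fd_set.
 * Returns the highest descriptor placed in the set, or -1 if none.
 */
static int build_read_set(const int *fds, size_t n, fd_set *set,
                          int *rejected, size_t *n_rejected)
{
    int maxfd = -1;
    *n_rejected = 0;
    FD_ZERO(set);
    for (size_t i = 0; i < n; i++) {
        if (!fd_fits_select(fds[i])) {
            rejected[(*n_rejected)++] = fds[i];
            continue;
        }
        FD_SET(fds[i], set);
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return maxfd;
}

int main(void)
{
    /* Constructed sample: descriptor numbers only, nothing is opened. */
    int fds[] = { 0, 5, FD_SETSIZE - 1, FD_SETSIZE, FD_SETSIZE + 40, -1 };
    int rejected[6];
    size_t n_rej;
    fd_set rd;
    int maxfd = build_read_set(fds, 6, &rd, rejected, &n_rej);
    printf("maxfd=%d rejected=%zu\n", maxfd, n_rej);
    return 0;
}
```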
