Project

General

Profile

Actions

Bug #269

closed

buffer overflow when number of open file descriptors >= FD_SETSIZE

Added by Pierre-Louis Bonicoli almost 13 years ago. Updated almost 13 years ago.

Status:
Resolved
Priority:
Urgent
Target version:
-
Start date:
2012-01-07
Due date:
% Done:

50%

Estimated time:
Patch Available:
Yes
Found in Versions:
0.7.0 0.8.8
Confirmed:
Yes
Branch:
Security:
Yes
Help Needed:
No

Description

Reported by Julien Tinnes, thanks to him!

Bip doesn't check if fd is equal or larger than FD_SETSIZE.

From select man page:

Executing FD_CLR() or FD_SET() with a value of fd that is negative or is equal to or larger than FD_SETSIZE will result in undefined behavior.


Files

Actions

Also available in: Atom PDF