lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Jan 2005 10:17:00 +1100 From: Damien Miller <djm@...drot.org> To: David LeBlanc <dleblanc@...hange.microsoft.com> Cc: 3APA3A <3APA3A@...urity.nnov.ru>, bugtraq@...urityfocus.com Subject: Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow David LeBlanc wrote: > if (__i == ((fd_set FAR *)(set))->fd_count) { \ > if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ((fd_set FAR *)(set))->fd_array[__i] = (fd); \ > ((fd_set FAR *)(set))->fd_count++; \ > } \ > } \ > } while(0) > > So if you attempted to put FD_SETSIZE + 1 sockets into an fd_set, it > would just fail. This effectively limits select to a maximum of FD_SETSIZE descriptors on Windows. I don't think that this limitiation exists on other platforms. Correctly written programs dynamically allocate their FD_SETs to avoid these problems (or they use poll or some other mechanism instead). -d
Powered by blists - more mailing lists