| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Jan 2005 10:17:00 +1100
From: Damien Miller <djm@...drot.org>
To: David LeBlanc <dleblanc@...hange.microsoft.com>
Cc: 3APA3A <3APA3A@...urity.nnov.ru>, bugtraq@...urityfocus.com
Subject: Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap
array index overflow
David LeBlanc wrote:
> if (__i == ((fd_set FAR *)(set))->fd_count) { \
> if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ((fd_set FAR *)(set))->fd_array[__i] = (fd); \
> ((fd_set FAR *)(set))->fd_count++; \
> } \
> } \
> } while(0)
>
> So if you attempted to put FD_SETSIZE + 1 sockets into an fd_set, it
> would just fail.
This effectively limits select to a maximum of FD_SETSIZE descriptors on
Windows. I don't think that this limitiation exists on other platforms.
Correctly written programs dynamically allocate their FD_SETs to avoid
these problems (or they use poll or some other mechanism instead).
-d
Powered by blists - more mailing lists