lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <41FAC7EC.90605@mindrot.org>
Date: Sat, 29 Jan 2005 10:17:00 +1100
From: Damien Miller <djm@...drot.org>
To: David LeBlanc <dleblanc@...hange.microsoft.com>
Cc: 3APA3A <3APA3A@...urity.nnov.ru>, bugtraq@...urityfocus.com
Subject: Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap
 array index overflow


David LeBlanc wrote:
>     if (__i == ((fd_set FAR *)(set))->fd_count) { \
>         if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \
>              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>             ((fd_set FAR *)(set))->fd_array[__i] = (fd); \
>             ((fd_set FAR *)(set))->fd_count++; \
>         } \
>     } \
> } while(0) 
> 
> So if you attempted to put FD_SETSIZE + 1 sockets into an fd_set, it
> would just fail.

This effectively limits select to a maximum of FD_SETSIZE descriptors on
Windows. I don't think that this limitiation exists on other platforms.

Correctly written programs dynamically allocate their FD_SETs to avoid
these problems (or they use poll or some other mechanism instead).

-d

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ