[dovecot-cvs] dovecot/src/lib ioloop-select.c,1.6,1.7
cras at procontrol.fi
cras at procontrol.fi
Sat Dec 21 15:38:02 EET 2002
Update of /home/cvs/dovecot/src/lib
In directory danu:/tmp/cvs-serv23327/lib
Modified Files:
ioloop-select.c
Log Message:
select() based I/O-loop: Kill ourself if we're trying to use more than
FD_SETSIZE (1024) fds. Before we just overflowed fd_set buffer, but it's
unlikely it could have been exploited. Default settings prevented this from
happening anyway.
Index: ioloop-select.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib/ioloop-select.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- ioloop-select.c 10 Dec 2002 08:13:40 -0000 1.6
+++ ioloop-select.c 21 Dec 2002 13:38:00 -0000 1.7
@@ -34,6 +34,10 @@
#include <sys/time.h>
#include <unistd.h>
+#ifndef FD_SETSIZE
+# define FD_SETSIZE 1024
+#endif
+
struct _IOLoopHandlerData {
fd_set read_fds, write_fds;
};
@@ -54,6 +58,11 @@
void io_loop_handle_add(IOLoop ioloop, int fd, int condition)
{
+ i_assert(fd >= 0);
+
+ if (fd >= FD_SETSIZE)
+ i_fatal("fd %d too large for select()", fd);
+
if (condition & IO_READ)
FD_SET(fd, &ioloop->handler_data->read_fds);
if (condition & IO_WRITE)
@@ -62,6 +71,8 @@
void io_loop_handle_remove(IOLoop ioloop, int fd, int condition)
{
+ i_assert(fd >= 0 && fd < FD_SETSIZE);
+
if (condition & IO_READ)
FD_CLR(fd, &ioloop->handler_data->read_fds);
if (condition & IO_WRITE)
More information about the dovecot-cvs
mailing list