Reject socket fds > FD_SETSIZE

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20127 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kdc/network.c b/src/kdc/network.c
index 86fa6c0ceed70e37ece6abe64300924ff66d0211..dc21e1d77f2a97bebe898063c27326c9035f97cd 100644 (file)
--- a/src/kdc/network.c
+++ b/src/kdc/network.c
@@ -312,6 +312,12 @@ add_fd (struct socksetup *data, int sock, enum kdc_conn_type conntype,
     struct connection *newconn;
     void *tmp;
 
+    if (sock > FD_SETSIZE) {
+       data->retval = EMFILE;  /* XXX */
+       com_err(data->prog, 0,
+               "file descriptor number %d too high", sock);
+       return 0;
+    }
     newconn = malloc(sizeof(*newconn));
     if (newconn == 0) {
        data->retval = errno;
@@ -396,6 +402,12 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
                paddr(addr));
        return -1;
     }
+    if (sock > FD_SETSIZE) {
+       close(sock);
+       com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+               sock, paddr(addr));
+       return -1;
+    }
     if (setreuseaddr(sock, 1) < 0)
        com_err(data->prog, errno,
                "Cannot enable SO_REUSEADDR on fd %d", sock);
@@ -1098,6 +1110,10 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
     s = accept(conn->fd, addr, &addrlen);
     if (s < 0)
        return;
+    if (s > FD_SETSIZE) {
+       close(s);
+       return;
+    }
     setnbio(s), setnolinger(s);
 
     sockdata.prog = prog;

diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 0c63b22ecab1fbb1c27ad15b6fa03747b9194be5..9992747367e8b1f0f174da8bf25252701faf5a24 100644 (file)
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -671,6 +671,12 @@ start_connection (struct conn_state *state,
        dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
        return -1;              /* try other hosts */
     }
+    if (fd > FD_SETSIZE) {
+       close(fd);
+       state->err = EMFILE;
+       dprint("socket: fd %d too high\n", fd);
+       return -1;
+    }
     /* Make it non-blocking.  */
     if (ai->ai_socktype == SOCK_STREAM) {
        static const int one = 1;