From 98ae15520f02a545381bec9778f8983b47a3b87a Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 25 Jul 2008 22:38:59 +0000 Subject: [PATCH] pull up r20127 from trunk r20127@cathode-dark-space: raeburn | 2007-10-17 20:14:01 -0400 Reject socket fds > FD_SETSIZE. ticket: 5995 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20586 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/network.c | 16 ++++++++++++++++ src/lib/krb5/os/sendto_kdc.c | 6 ++++++ 2 files changed, 22 insertions(+) diff --git a/src/kdc/network.c b/src/kdc/network.c index 45604466b..3bf18786c 100644 --- a/src/kdc/network.c +++ b/src/kdc/network.c @@ -277,6 +277,12 @@ add_fd (struct socksetup *data, int sock, enum kdc_conn_type conntype, struct connection *newconn; void *tmp; + if (sock > FD_SETSIZE) { + data->retval = EMFILE; /* XXX */ + com_err(data->prog, 0, + "file descriptor number %d too high", sock); + return 0; + } newconn = malloc(sizeof(*newconn)); if (newconn == 0) { data->retval = errno; @@ -360,6 +366,12 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr) paddr(addr)); return -1; } + if (sock > FD_SETSIZE) { + close(sock); + com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high", + sock, paddr(addr)); + return -1; + } if (setreuseaddr(sock, 1) < 0) com_err(data->prog, errno, "Cannot enable SO_REUSEADDR on fd %d", sock); @@ -791,6 +803,10 @@ static void accept_tcp_connection(struct connection *conn, const char *prog, s = accept(conn->fd, addr, &addrlen); if (s < 0) return; + if (s > FD_SETSIZE) { + close(s); + return; + } setnbio(s), setnolinger(s); sockdata.prog = prog; diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 4dfc1ef6a..661c2cbea 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -654,6 +654,12 @@ start_connection (struct conn_state *state, dprint("socket: %m creating with af %d\n", state->err, ai->ai_family); return -1; /* try other hosts */ } + if (fd > FD_SETSIZE) { + close(fd); + state->err = EMFILE; + dprint("socket: fd %d too high\n", fd); + return -1; + } /* Make it non-blocking. */ if (ai->ai_socktype == SOCK_STREAM) { static const int one = 1; -- 2.26.2