pull up r20127 from trunk

 r20127@cathode-dark-space:  raeburn | 2007-10-17 20:14:01 -0400
 Reject socket fds > FD_SETSIZE.

ticket: 5995

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20586 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kdc/network.c b/src/kdc/network.c
index 45604466b1c1813cea643a440ac434b4aca86569..3bf18786ce2f58759d6b03ee3085e1e21e59892d 100644 (file)
--- a/src/kdc/network.c
+++ b/src/kdc/network.c
@@ -277,6 +277,12 @@ add_fd (struct socksetup *data, int sock, enum kdc_conn_type conntype,
     struct connection *newconn;
     void *tmp;
 
+    if (sock > FD_SETSIZE) {
+       data->retval = EMFILE;  /* XXX */
+       com_err(data->prog, 0,
+               "file descriptor number %d too high", sock);
+       return 0;
+    }
     newconn = malloc(sizeof(*newconn));
     if (newconn == 0) {
        data->retval = errno;
@@ -360,6 +366,12 @@ setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr)
                paddr(addr));
        return -1;
     }
+    if (sock > FD_SETSIZE) {
+       close(sock);
+       com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high",
+               sock, paddr(addr));
+       return -1;
+    }
     if (setreuseaddr(sock, 1) < 0)
        com_err(data->prog, errno,
                "Cannot enable SO_REUSEADDR on fd %d", sock);
@@ -791,6 +803,10 @@ static void accept_tcp_connection(struct connection *conn, const char *prog,
     s = accept(conn->fd, addr, &addrlen);
     if (s < 0)
        return;
+    if (s > FD_SETSIZE) {
+       close(s);
+       return;
+    }
     setnbio(s), setnolinger(s);
 
     sockdata.prog = prog;

diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 4dfc1ef6a8d7af033e14ccafc18216be5fd27875..661c2cbea6df03234d4b3a5fbbc690749c0b219d 100644 (file)
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -654,6 +654,12 @@ start_connection (struct conn_state *state,
        dprint("socket: %m creating with af %d\n", state->err, ai->ai_family);
        return -1;              /* try other hosts */
     }
+    if (fd > FD_SETSIZE) {
+       close(fd);
+       state->err = EMFILE;
+       dprint("socket: fd %d too high\n", fd);
+       return -1;
+    }
     /* Make it non-blocking.  */
     if (ai->ai_socktype == SOCK_STREAM) {
        static const int one = 1;