git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan.karger@fox-it.com>
	Thu, 3 Mar 2016 09:22:48 +0000 (10:22 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 6 Mar 2016 10:14:44 +0000 (11:14 +0100)
commit	e0b3fd49e2b5bba8cb57419a13cb75b56ac91b94
tree	433b8d535f82776696a564972d3030f041d88a08	tree
parent	13de0103ea361e2be24ab8b16f5be269c6ab7496	commit \| diff

hardening: add safe FD_SET() wrapper openvpn_fd_set()

On many platforms (not Windows, for once), FD_SET() can write outside the
given fd_set if an fd >= FD_SETSIZE is given. To make sure we don't do
that, add an ASSERT() to error out with a clear error message when this
does happen.

This patch was inspired by remarks about FD_SET() from Sebastian Krahmer
of the SuSE Security Team.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456996968-29472-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11285
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/event.c		diff \| blob \| blame \| history
src/openvpn/fdmisc.h		diff \| blob \| blame \| history
src/openvpn/proxy.c		diff \| blob \| blame \| history
src/openvpn/socket.c		diff \| blob \| blame \| history
src/openvpn/socks.c		diff \| blob \| blame \| history