upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker

author djm@openbsd.org <djm@openbsd.org>

Wed, 21 Jun 2023 05:06:04 +0000 (05:06 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 21 Jun 2023 05:13:54 +0000 (15:13 +1000)
author djm@openbsd.org <djm@openbsd.org>
Wed, 21 Jun 2023 05:06:04 +0000 (05:06 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 21 Jun 2023 05:13:54 +0000 (15:13 +1000)
diff --git a/ssh-keyscan.c b/ssh-keyscan.c

index a53188c7b8947bca4df7970d8c41c190df06a47b..96c6e9066161c48a3aac1a859fd8caec3bc2953b 100644 (file)
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.152 2023/03/31 04:21:56 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.153 2023/06/21 05:06:04 djm Exp $ */
  /*
   * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
   *
@@ -23,6 +23,7 @@
  #include <openssl/bn.h>
  #endif
  
+#include <limits.h>
  #include <netdb.h>
  #include <errno.h>
  #ifdef HAVE_POLL_H
@@ -132,12 +133,13 @@ fdlim_get(int hard)
  #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
         struct rlimit rlfd;
  
-       if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1)
-               return (-1);
-       if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
+       if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1 ||
+           (hard ? rlfd.rlim_max : rlfd.rlim_cur) < 0)
+               return -1;
+       if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY ||
+           (hard ? rlfd.rlim_max : rlfd.rlim_cur) > INT_MAX)
                 return SSH_SYSFDMAX;
-       else
-               return hard ? rlfd.rlim_max : rlfd.rlim_cur;
+       return hard ? rlfd.rlim_max : rlfd.rlim_cur;
  #else
         return SSH_SYSFDMAX;
  #endif
author	djm@openbsd.org <djm@openbsd.org>
	Wed, 21 Jun 2023 05:06:04 +0000 (05:06 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 21 Jun 2023 05:13:54 +0000 (15:13 +1000)