git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan.karger@fox-it.com>
	Thu, 3 Mar 2016 09:22:48 +0000 (10:22 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sun, 6 Mar 2016 11:14:36 +0000 (12:14 +0100)
commit	1746908f66f5517a525ee2c114a0f7104c29dfad
tree	5b322e689cf5ac11dd01fa102a5ce34d7e1ff2ec	tree
parent	6a8e946174509ca50c63842f155ce5c90cfe43e0	commit \| diff

hardening: add safe FD_SET() wrapper openvpn_fd_set()

On many platforms (not Windows, for once), FD_SET() can write outside the
given fd_set if an fd >= FD_SETSIZE is given. To make sure we don't do
that, add an ASSERT() to error out with a clear error message when this
does happen.

This patch was inspired by remarks about FD_SET() from Sebastian Krahmer
of the SuSE Security Team.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456996968-29472-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11285
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e0b3fd49e2b5bba8cb57419a13cb75b56ac91b94)

src/openvpn/event.c		diff \| blob \| blame \| history
src/openvpn/fdmisc.h		diff \| blob \| blame \| history
src/openvpn/proxy.c		diff \| blob \| blame \| history
src/openvpn/socket.c		diff \| blob \| blame \| history
src/openvpn/socks.c		diff \| blob \| blame \| history