On many platforms (not Windows, for once), FD_SET() can write outside the
given fd_set if an fd >= FD_SETSIZE is given. To make sure we don't do
that, add an ASSERT() to error out with a clear error message when this
does happen.
This patch was inspired by remarks about FD_SET() from Sebastian Krahmer
of the SuSE Security Team.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
1456996968-29472-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11285
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit
e0b3fd49e2b5bba8cb57419a13cb75b56ac91b94)
if (ses->fast)
{
if (rwflags & EVENT_READ)
- FD_SET (event, &ses->readfds);
+ openvpn_fd_set (event, &ses->readfds);
if (rwflags & EVENT_WRITE)
- FD_SET (event, &ses->writefds);
+ openvpn_fd_set (event, &ses->writefds);
}
else
{
if (rwflags & EVENT_READ)
- FD_SET (event, &ses->readfds);
+ openvpn_fd_set (event, &ses->readfds);
else
FD_CLR (event, &ses->readfds);
if (rwflags & EVENT_WRITE)
- FD_SET (event, &ses->writefds);
+ openvpn_fd_set (event, &ses->writefds);
else
FD_CLR (event, &ses->writefds);
}
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+#ifndef FD_MISC_H
+#define FD_MISC_H
+
#include "basic.h"
+#include "error.h"
+#include "syshead.h"
bool set_nonblock_action (int fd);
bool set_cloexec_action (int fd);
void set_nonblock (int fd);
void set_cloexec (int fd);
+
+static inline void openvpn_fd_set(int fd, fd_set *setp)
+{
+#ifndef WIN32 /* The Windows FD_SET() implementation does not overflow */
+ ASSERT (fd >= 0 && fd < FD_SETSIZE);
+#endif
+ FD_SET (fd, setp);
+}
+#undef FD_SET /* prevent direct use of FD_SET() */
+
+#endif /* FD_MISC_H */
}
FD_ZERO (&reads);
- FD_SET (sd, &reads);
+ openvpn_fd_set (sd, &reads);
tv.tv_sec = timeout_sec;
tv.tv_usec = 0;
struct timeval tv;
FD_ZERO (&reads);
- FD_SET (sd, &reads);
+ openvpn_fd_set (sd, &reads);
tv.tv_sec = 0;
tv.tv_usec = 0;
struct timeval tv;
FD_ZERO (&writes);
- FD_SET (sd, &writes);
+ openvpn_fd_set (sd, &writes);
tv.tv_sec = 0;
tv.tv_usec = 0;
char c;
FD_ZERO (&reads);
- FD_SET (sd, &reads);
+ openvpn_fd_set (sd, &reads);
tv.tv_sec = timeout_sec;
tv.tv_usec = 0;
char c;
FD_ZERO (&reads);
- FD_SET (sd, &reads);
+ openvpn_fd_set (sd, &reads);
tv.tv_sec = timeout_sec;
tv.tv_usec = 0;
char c;
FD_ZERO (&reads);
- FD_SET (sd, &reads);
+ openvpn_fd_set (sd, &reads);
tv.tv_sec = timeout_sec;
tv.tv_usec = 0;
projects / thirdparty / openvpn.git / commitdiff
