The previous implementation did not work if the first registered socket
had fd > 16 or if the fd was more than double the largest value used in
previous registrations. Those cases could result in too small a memory
allocation being used and writes/reads beyond the end of that buffer.
This fix is applicable to CONFIG_ELOOP_EPOLL=y and CONFIG_ELOOP_KQUEUE=y
builds.
Fixes: f0356ec85c46 ("eloop: Add epoll option for better performance")
Signed-off-by: Jouni Malinen <j@w1.fi>
#endif /* CONFIG_ELOOP_POLL */
#if defined(CONFIG_ELOOP_EPOLL) || defined(CONFIG_ELOOP_KQUEUE)
if (new_max_sock >= eloop.max_fd) {
- next = eloop.max_fd == 0 ? 16 : eloop.max_fd * 2;
+ next = new_max_sock + 16;
temp_table = os_realloc_array(eloop.fd_table, next,
sizeof(struct eloop_sock));
if (temp_table == NULL)
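Review bot: the new sizing line `next = new_max_sock + 16;` uses an unexplained constant and switches growth from doubling to a fixed step, so it deserves a short comment. The comment should say that the table has to cover index new_max_sock, so it needs at least new_max_sock + 1 entries, and that 16 is only headroom to avoid a realloc on every registration. That would keep a later cleanup from reintroducing the undersized allocation described in the commit message. The visible lines also do not show whether the entries between the old eloop.max_fd and next are initialized once os_realloc_array() succeeds. If that is not handled further down, clear that range before eloop.max_fd is updated, because realloc-style growth leaves the added memory uninitialized.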