[v9_9] disallow out-of-range descriptors in isc_socket_fdwatchcreate()

diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h
index 97e2f7605b9c79732134a5e869c1aba04d65b1c9..e0fad55388f97d76c5a0eedd1198c11df9afa700 100644 (file)
--- a/lib/isc/include/isc/socket.h
+++ b/lib/isc/include/isc/socket.h
@@ -370,7 +370,8 @@ isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
  *
  * Note:
  *
- *\li   'fd' is the already-opened file descriptor.
+ *\li   'fd' is the already-opened file descriptor (must be less
+ *     than maxsockets).
  *\li  This function is not available on Windows.
  *\li  The callback function is called "in-line" - this means the function
  *     needs to return as fast as possible, as all other I/O will be suspended
@@ -394,6 +395,7 @@ isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
  *\li  #ISC_R_NOMEMORY
  *\li  #ISC_R_NORESOURCES
  *\li  #ISC_R_UNEXPECTED
+ *\li  #ISC_R_RANGE
  */
 
 isc_result_t

diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index e10c3f02b46fc0e70466fa0fb8391ef3637b7c2c..28f8b5a15b871506050ecc72a98eff5338717774 100644 (file)
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -2063,7 +2063,7 @@ destroy(isc__socket_t **sockp) {
        INSIST(ISC_LIST_EMPTY(sock->recv_list));
        INSIST(ISC_LIST_EMPTY(sock->send_list));
        INSIST(sock->connect_ev == NULL);
-       REQUIRE(sock->fd == -1 || sock->fd < (int)manager->maxsocks);
+       INSIST(sock->fd >= -1 && sock->fd < (int)manager->maxsocks);
 
        if (sock->fd >= 0) {
                fd = sock->fd;
@@ -2781,6 +2781,9 @@ isc__socket_fdwatchcreate(isc_socketmgr_t *manager0, int fd, int flags,
        REQUIRE(VALID_MANAGER(manager));
        REQUIRE(socketp != NULL && *socketp == NULL);
 
+       if (fd < 0 || (unsigned int)fd >= manager->maxsocks)
+               return (ISC_R_RANGE);
+
        result = allocate_socket(manager, isc_sockettype_fdwatch, &sock);
        if (result != ISC_R_SUCCESS)
                return (result);