avoid fd_set overflows, half by bg@sics.se

author: deraadt <deraadt@openbsd.org> 2000-10-10 10:54:04 +0000
committer: deraadt <deraadt@openbsd.org> 2000-10-10 10:54:04 +0000
commit: a84cd0c52e9c6962676e690f27748a58f7feab0f (patch)
tree: 831444382b853abc73dd933dd9ab6eef79a6c032
parent: Fix non-exploitable buffer oflow in test mode. Also add a line to uncomment (diff)
download: wireguard-openbsd-a84cd0c52e9c6962676e690f27748a58f7feab0f.tar.xz
wireguard-openbsd-a84cd0c52e9c6962676e690f27748a58f7feab0f.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/kerberosIV/src/server/kerberos.c b/kerberosIV/src/server/kerberos.c
index 063317bb626..8598e46ee9f 100644
--- a/kerberosIV/src/server/kerberos.c
+++ b/kerberosIV/src/server/kerberos.c
@@ -559,6 +559,10 @@ mksocket(struct descr *d, struct in_addr addr, int type,
     memset(d, 0, sizeof(struct descr));
     if ((sock = socket(AF_INET, type, 0)) < 0)
 	err (1, "socket");
+    if (sock >= FD_SETSIZE) {
+	errno = EMFILE;
+        errx(1, "aborting: too many descriptors");
+    }
 #if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
     if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
 		   sizeof(on)) < 0)
@@ -1026,7 +1030,7 @@ loop(struct descr *fds, int nfds)
 		    if(accepted) continue;
 		    accepted = 1;
 		    s = accept(n->s, NULL, 0);
-		    if(minfree == NULL){
+		    if (minfree == NULL || s >= FD_SETSIZE) {
 			kerb_err_reply(s, NULL, KFAILURE, "Out of memory");
 			close(s);
 		    }else{
author	deraadt <deraadt@openbsd.org>	2000-10-10 10:54:04 +0000
committer	deraadt <deraadt@openbsd.org>	2000-10-10 10:54:04 +0000
commit	a84cd0c52e9c6962676e690f27748a58f7feab0f (patch)
tree	831444382b853abc73dd933dd9ab6eef79a6c032
parent	Fix non-exploitable buffer oflow in test mode. Also add a line to uncomment (diff)
download	wireguard-openbsd-a84cd0c52e9c6962676e690f27748a58f7feab0f.tar.xz wireguard-openbsd-a84cd0c52e9c6962676e690f27748a58f7feab0f.zip