• Rémi Denis-Courmont's avatar
    Whenever using select() companion macro FD_SET(), one must ensure that · 0ee3f461
    Rémi Denis-Courmont authored
    the specified file descriptor does not exceeds the fd_set limit (FD_SETSIZE).
    Registering a file descriptor above this limit is not defined (read: this is
    a buffer overflow).
    This is not normally exploitable on Linux because FD_SETSIZE equals the
    default limit for file descriptors per processes, but should work on BSDs.
    Cygwin is also very prone to this problem (but right, we don't use it). As
    for Windows, it will overflow if you try to select() more than 64 sockets at
    a time (regardless of the total numbers of socket), but for the sake of
    simplicity and portability, this patch actually prevent opening more than
    64 sockets at all.
    There are still quite a bunch of plugins that needs fixing.
file.c 18.3 KB