Bugtraq mailing list archives
Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
From: Damien Miller <djm () mindrot org>
Date: Sat, 29 Jan 2005 10:17:00 +1100
David LeBlanc wrote:
if (__i == ((fd_set FAR *)(set))->fd_count) { \ if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ((fd_set FAR *)(set))->fd_array[__i] = (fd); \ ((fd_set FAR *)(set))->fd_count++; \ } \ } \} while(0)So if you attempted to put FD_SETSIZE + 1 sockets into an fd_set, it would just fail.
This effectively limits select to a maximum of FD_SETSIZE descriptors on Windows. I don't think that this limitiation exists on other platforms. Correctly written programs dynamically allocate their FD_SETs to avoid these problems (or they use poll or some other mechanism instead). -d
Current thread:
- SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow 3APA3A (Jan 24)
- Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Michael Hampton (Jan 25)
- <Possible follow-ups>
- RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow David LeBlanc (Jan 28)
- Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Damien Miller (Jan 29)
- Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow 3APA3A (Jan 31)
- RE: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow David LeBlanc (Jan 29)
- Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Lee Dilkie (Jan 29)
- Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Casper . Dik (Jan 31)
- Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow Lee Dilkie (Jan 29)