[v9_9] disallow out-of-range descriptors in isc_socket_fdwatchcreate()

2016-03-22 18:12:07 -07:00
parent bb68c78aac
commit 955c101ff5
2 changed files with 7 additions and 2 deletions
--- a/lib/isc/include/isc/socket.h
+++ b/lib/isc/include/isc/socket.h
@@ -370,7 +370,8 @@ isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
 *
 * Note:
 *
- *\li   'fd' is the already-opened file descriptor.
+ *\li   'fd' is the already-opened file descriptor (must be less
+ * 	than maxsockets).
 *\li	This function is not available on Windows.
 *\li	The callback function is called "in-line" - this means the function
 *	needs to return as fast as possible, as all other I/O will be suspended
@@ -394,6 +395,7 @@ isc_socket_fdwatchcreate(isc_socketmgr_t *manager,
 *\li	#ISC_R_NOMEMORY
 *\li	#ISC_R_NORESOURCES
 *\li	#ISC_R_UNEXPECTED
+ *\li	#ISC_R_RANGE
 */

 isc_result_t
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -2063,7 +2063,7 @@ destroy(isc__socket_t **sockp) {
 	INSIST(ISC_LIST_EMPTY(sock->recv_list));
 	INSIST(ISC_LIST_EMPTY(sock->send_list));
 	INSIST(sock->connect_ev == NULL);
-	REQUIRE(sock->fd == -1 || sock->fd < (int)manager->maxsocks);
+	INSIST(sock->fd >= -1 && sock->fd < (int)manager->maxsocks);

 	if (sock->fd >= 0) {
 		fd = sock->fd;
@@ -2781,6 +2781,9 @@ isc__socket_fdwatchcreate(isc_socketmgr_t *manager0, int fd, int flags,
 	REQUIRE(VALID_MANAGER(manager));
 	REQUIRE(socketp != NULL && *socketp == NULL);

+	if (fd < 0 || (unsigned int)fd >= manager->maxsocks)
+		return (ISC_R_RANGE);
+
 	result = allocate_socket(manager, isc_sockettype_fdwatch, &sock);
 	if (result != ISC_R_SUCCESS)
 		return (result);