core: Make sure FD_SET is not used with an out of range fd.
authorWerner Koch <wk@gnupg.org>
Tue, 14 Jun 2016 06:35:12 +0000 (08:35 +0200)
committerWerner Koch <wk@gnupg.org>
Tue, 14 Jun 2016 06:38:34 +0000 (08:38 +0200)
* src/posix-io.c (_gpgme_io_select): Check for FD out of range.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
src/posix-io.c

index f336153..258e8ea 100644 (file)
@@ -604,6 +604,12 @@ _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock)
        continue;
       if (fds[i].for_read)
        {
+          if (fds[i].fd >= FD_SETSIZE)
+            {
+              TRACE_END (dbg_help, " -BAD- ]");
+              gpg_err_set_errno (EBADF);
+              return TRACE_SYSRES (-1);
+            }
          assert (!FD_ISSET (fds[i].fd, &readfds));
          FD_SET (fds[i].fd, &readfds);
          if (fds[i].fd > max_fd)
@@ -613,6 +619,12 @@ _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock)
         }
       else if (fds[i].for_write)
        {
+          if (fds[i].fd >= FD_SETSIZE)
+            {
+              TRACE_END (dbg_help, " -BAD- ]");
+              gpg_err_set_errno (EBADF);
+              return TRACE_SYSRES (-1);
+            }
          assert (!FD_ISSET (fds[i].fd, &writefds));
          FD_SET (fds[i].fd, &writefds);
          if (fds[i].fd > max_fd)