[src/trunk]: src/usr.sbin die if fd_set overrun. (they're not setuid binary s...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/940d43bef6e7
branches:  trunk
changeset: 535043:940d43bef6e7
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Aug 09 02:17:26 2002 +0000

description:
die if fd_set overrun. (they're not setuid binary so it is not that critical)

diffstat:

 usr.sbin/map-mbone/mapper.c |   4 +++-
 usr.sbin/mld6query/mld6.c   |   4 +++-
 usr.sbin/moused/moused.c    |  16 ++++++++++++----
 usr.sbin/mrouted/main.c     |   8 ++++++--
 4 files changed, 24 insertions(+), 8 deletions(-)

diffs (108 lines):

diff -r eda062645e14 -r 940d43bef6e7 usr.sbin/map-mbone/mapper.c
--- a/usr.sbin/map-mbone/mapper.c       Fri Aug 09 02:09:25 2002 +0000
+++ b/usr.sbin/map-mbone/mapper.c       Fri Aug 09 02:17:26 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: mapper.c,v 1.10 2002/07/14 15:34:58 wiz Exp $  */
+/*     $NetBSD: mapper.c,v 1.11 2002/08/09 02:17:26 itojun Exp $       */
 
 /* Mapper for connections between MRouteD multicast routers.
  * Written by Pavel Curtis <Pavel%PARC.Xerox.Com@localhost>
@@ -906,6 +906,8 @@
        int             count, recvlen, dummy = 0;
 
        FD_ZERO(&fds);
+       if (igmp_socket >= FD_SETSIZE)
+           log(LOG_ERR, 0, "descriptor too big");
        FD_SET(igmp_socket, &fds);
 
        tv.tv_sec = timeout;
diff -r eda062645e14 -r 940d43bef6e7 usr.sbin/mld6query/mld6.c
--- a/usr.sbin/mld6query/mld6.c Fri Aug 09 02:09:25 2002 +0000
+++ b/usr.sbin/mld6query/mld6.c Fri Aug 09 02:17:26 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: mld6.c,v 1.5 2002/07/20 08:40:18 grant Exp $   */
+/*     $NetBSD: mld6.c,v 1.6 2002/08/09 02:17:27 itojun Exp $  */
 /*     $KAME: mld6.c,v 1.9 2000/12/04 06:29:37 itojun Exp $    */
 
 /*
@@ -141,6 +141,8 @@
        (void)setitimer(ITIMER_REAL, &itimer, NULL);
 
        FD_ZERO(&fdset);
+       if (s >= FD_SETSIZE)
+               errx(1, "descriptor too big");
        for (;;) {
                FD_SET(s, &fdset);
                if ((i = select(s + 1, &fdset, NULL, NULL, NULL)) < 0)
diff -r eda062645e14 -r 940d43bef6e7 usr.sbin/moused/moused.c
--- a/usr.sbin/moused/moused.c  Fri Aug 09 02:09:25 2002 +0000
+++ b/usr.sbin/moused/moused.c  Fri Aug 09 02:17:26 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: moused.c,v 1.6 2002/04/22 13:08:34 wiz Exp $ */
+/* $NetBSD: moused.c,v 1.7 2002/08/09 02:17:28 itojun Exp $ */
 /**
  ** Copyright (c) 1995 Michael Smith, All rights reserved.
  **
@@ -48,7 +48,7 @@
 #include <sys/cdefs.h>
 
 #ifndef lint
-__RCSID("$NetBSD: moused.c,v 1.6 2002/04/22 13:08:34 wiz Exp $");
+__RCSID("$NetBSD: moused.c,v 1.7 2002/08/09 02:17:28 itojun Exp $");
 #endif /* not lint */
 
 #include <ctype.h>
@@ -904,11 +904,19 @@
     for (;;) {
 
        FD_ZERO(&fds);
+       if (rodent.mfd >= FD_SETSIZE)
+           logerr(1, "descriptor too big");
        FD_SET(rodent.mfd, &fds);
-       if (rodent.mremsfd >= 0)
+       if (rodent.mremsfd >= 0) {
+           if (rodent.mremsfd >= FD_SETSIZE)
+               logerr(1, "descriptor too big");
            FD_SET(rodent.mremsfd, &fds);
-       if (rodent.mremcfd >= 0)
+       }
+       if (rodent.mremcfd >= 0) {
+           if (rodent.mremcfd >= FD_SETSIZE)
+               logerr(1, "descriptor too big");
            FD_SET(rodent.mremcfd, &fds);
+       }
 
        c = select(FD_SETSIZE, &fds, NULL, NULL,
                   (rodent.flags & Emulate3Button) ? &timeout : NULL);
diff -r eda062645e14 -r 940d43bef6e7 usr.sbin/mrouted/main.c
--- a/usr.sbin/mrouted/main.c   Fri Aug 09 02:09:25 2002 +0000
+++ b/usr.sbin/mrouted/main.c   Fri Aug 09 02:17:26 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.15 2002/07/14 16:30:42 wiz Exp $    */
+/*     $NetBSD: main.c,v 1.16 2002/08/09 02:17:29 itojun Exp $ */
 
 /*
  * The mrouted program is covered by the license in the accompanying file
@@ -29,7 +29,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("@(#) $NetBSD: main.c,v 1.15 2002/07/14 16:30:42 wiz Exp $");
+__RCSID("@(#) $NetBSD: main.c,v 1.16 2002/08/09 02:17:29 itojun Exp $");
 #endif
 
 #include <err.h>
@@ -257,9 +257,13 @@
        (void)signal(SIGQUIT, dump);
 
     FD_ZERO(&readers);
+    if (igmp_socket >= FD_SETSIZE)
+       log(LOG_ERR, 0, "descriptor too big");
     FD_SET(igmp_socket, &readers);
     nfds = igmp_socket + 1;
     for (i = 0; i < nhandlers; i++) {
+       if (ihandlers[i].fd >= FD_SETSIZE)
+           log(LOG_ERR, 0, "descriptor too big");
        FD_SET(ihandlers[i].fd, &readers);
        if (ihandlers[i].fd >= nfds)
            nfds = ihandlers[i].fd + 1;