Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 139320 Details for
Bug 203328
net-analyzer/tcpreen < 1.4.4 FD_SET Buffer Overflow Vulnerability (CVE-2007-6562)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
tcpreen-FD_SETSIZE-197-198.patch
tcpreen-FD_SETSIZE-197-198.patch (text/plain), 1.31 KB, created by
Robert Buchholz (RETIRED)
on 2007-12-25 23:55:02 UTC
(
hide
)
Description:
tcpreen-FD_SETSIZE-197-198.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-12-25 23:55:02 UTC
Size:
1.31 KB
patch
obsolete
>Index: libsolve/sockprot.cpp >=================================================================== >--- libsolve/sockprot.cpp (revision 197) >+++ libsolve/sockprot.cpp (revision 198) >@@ -229,14 +229,19 @@ > if (nonblock) > return fd; > >+#ifndef WIN32 >+ if (fd >= FD_SETSIZE) >+ { >+ close (fd); >+ errno = EMFILE; >+ } >+#endif >+ > /* Waits until connection is established */ > fd_set s; > FD_ZERO (&s); > FD_SET (fd, &s); > >- int err = 0; >- socklen_t len = sizeof (err); >- > if (select (fd + 1, NULL, &s, NULL, NULL) != 1) > { > SetError (); >@@ -248,6 +253,9 @@ > continue; > } > >+ int err = 0; >+ socklen_t len = sizeof (err); >+ > if (getsockopt (fd, SOL_SOCKET, SO_ERROR, &err, &len)) > { > SetError (); >Index: src/bridge.cpp >=================================================================== >--- src/bridge.cpp (revision 197) >+++ src/bridge.cpp (revision 198) >@@ -34,6 +34,7 @@ > #ifdef HAVE_SYS_SOCKET_H > # include <sys/socket.h> // shutdown(), send(), recv() > #endif >+#include <errno.h> > > #include "log.h" > >@@ -115,6 +116,14 @@ > long totalcount = 0; > bridge b[2]; > >+#ifndef WIN32 >+ if ((fds[0] >= FD_SETSIZE) || (fds[1] >= FD_SETSIZE)) >+ { >+ errno = EINVAL; >+ return -1; >+ } >+#endif >+ > b[0].outfd = b[1].infd = fds[0]; > b[0].infd = b[1].outfd = fds[1]; > b[0].buflen = b[1].buflen = 0;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 203328
: 139320