From 206c66d4b214c5f4b994ecd17f111b8bf053f8da Mon Sep 17 00:00:00 2001
From: Philipp Schafft
Date: Sun, 29 Jan 2023 13:57:49 +0000
Subject: [PATCH] Update: Workaround for unsafe select(2) When select(2) is used we only support as many file handles as there is space in fd_set. The limit is given in FD_SETSIZE. Once we use filehandles with an value >= FD_SETSIZE we might end up corrupting memory. Therefore we try to avoid those calls by rejecting handles >= FD_SETSIZE very early. This patch should keep most problems away. However it does not actually ensure we don't corrupt memory. That check has been skipped for performance reasons. Keeping in mind that the use of select(2) is already deprecated.
---
 src/connection.c | 7 +++++++
 src/listensocket.c | 10 ++++++++++
 2 files changed, 17 insertions(+)
diff --git a/src/connection.c b/src/connection.c
index 71e56f2b..bdea9bfd 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -471,6 +471,13 @@ connection_t *connection_create(sock_t sock, listensocket_t *listensocket_real,
 if (!matchfile_match_allow_deny(allowed_ip, banned_ip, ip))
 return NULL;
 
+#ifndef HAVE_POLL
+ if (sock >= FD_SETSIZE) {
+ ICECAST_LOG_ERROR("Can not create connection: System filehandle set overflow");
+ return NULL;
+ }
+#endif
+
 con = (connection_t *)calloc(1, sizeof(connection_t));
 if (con) {
 refobject_ref(listensocket_real);
diff --git a/src/listensocket.c b/src/listensocket.c
index 0a716be4..4e8e0c5e 100644
--- a/src/listensocket.c
+++ b/src/listensocket.c
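Review bot: The test `sock >= FD_SETSIZE` in connection_create only makes sense where fd_set is a bitmap indexed by descriptor value; on Winsock fd_set is a counted array of SOCKET handles and handle values are not small dense integers, so if this non-poll path is ever built there the guard would refuse valid sockets instead of preventing an overflow. Consider narrowing the condition, e.g. `#if !defined(HAVE_POLL) && !defined(_WIN32)`; the same applies to the check added in listensocket_refsock. This path also returns NULL without closing `sock`, unlike the listensocket hunk; presumably the caller closes it as it must for the allow/deny rejection just above, but that is worth confirming, since a leaked descriptor would keep later sockets above the limit. connection_create's body starts and ends outside the hunk.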
@@ -726,6 +726,16 @@ static int listensocket_refsock(listensocket_t *self, bool prefer_inet6)
 return -1;
 }
 
+#ifndef HAVE_POLL
+ if (self->sock >= FD_SETSIZE) {
+ sock_close(self->sock);
+ self->sock = SOCK_ERROR;
+ thread_mutex_unlock(&self->lock);
+ ICECAST_LOG_ERROR("Can not listen on socket: %s port %i: System filehandle set overflow", __string_default(self->listener->bind_address, ""), self->listener->port);
+ return -1;
+ }
+#endif
+
 if (__socket_listen(self->sock, self->listener) == 0) {
 sock_close(self->sock);
 self->sock = SOCK_ERROR;
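Review bot: The added error path reads `self->listener->bind_address` and `self->listener->port` for the log message after `thread_mutex_unlock(&self->lock)`; if `self->listener` is guarded by that lock (the hunk does not show this), those fields could change while the message is being formatted. Logging first closes that window: put the `ICECAST_LOG_ERROR(...)` line above `thread_mutex_unlock(&self->lock);`. Since the commit message says the FD_SET() call sites themselves stay unchecked, a one-line comment on the block such as `/* best-effort: select(2) cannot hold fds >= FD_SETSIZE; FD_SET() callers are not re-checked */` would keep that limit visible in the code. listensocket_refsock starts before and continues after the hunk.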