diff options
| author | Risto Kankkunen <unknown> | 2007-10-09 19:44:13 -0700 |
|---|---|---|
| committer | Rafael Garcia-Suarez <rgarciasuarez@gmail.com> | 2008-06-17 07:23:51 +0000 |
| commit | 8dc00b2f10de49b4d2d4be48279a996698c3f04a (patch) | |
| tree | 51fbfe0cc2f87f484b8e785f4e22f24daedda0c8 /win32 | |
| parent | 1d8eaf8cf59b440c0fa63ff8dfca4ae76cf04fd0 (diff) | |
| download | perl-8dc00b2f10de49b4d2d4be48279a996698c3f04a.tar.gz | |
[perl #46309] Buffer overflow in win32_select() (PATCH included)
From: Risto Kankkunen (via RT) <perlbug-followup@perl.org>
Message-ID: <rt-3.6.HEAD-10743-1192009453-1788.46309-75-0@perl.org>
p4raw-id: //depot/perl@34067
Diffstat (limited to 'win32')
| -rw-r--r-- | win32/win32sck.c | 30 |
1 files changed, 8 insertions, 22 deletions
diff --git a/win32/win32sck.c b/win32/win32sck.c index 26bef5ed24..2427cb3af4 100644 --- a/win32/win32sck.c +++ b/win32/win32sck.c @@ -259,9 +259,8 @@ win32_select(int nfds, Perl_fd_set* rd, Perl_fd_set* wr, Perl_fd_set* ex, const { int r; #ifdef USE_SOCKETS_AS_HANDLES - Perl_fd_set dummy; int i, fd, save_errno = errno; - FD_SET nrd, nwr, nex, *prd, *pwr, *pex; + FD_SET nrd, nwr, nex; /* winsock seems incapable of dealing with all three null fd_sets, * so do the (millisecond) sleep as a special case @@ -275,44 +274,31 @@ win32_select(int nfds, Perl_fd_set* rd, Perl_fd_set* wr, Perl_fd_set* ex, const return 0; } StartSockets(); - PERL_FD_ZERO(&dummy); - if (!rd) - rd = &dummy, prd = NULL; - else - prd = &nrd; - if (!wr) - wr = &dummy, pwr = NULL; - else - pwr = &nwr; - if (!ex) - ex = &dummy, pex = NULL; - else - pex = &nex; FD_ZERO(&nrd); FD_ZERO(&nwr); FD_ZERO(&nex); for (i = 0; i < nfds; i++) { fd = TO_SOCKET(i); - if (PERL_FD_ISSET(i,rd)) + if (rd && PERL_FD_ISSET(i,rd)) FD_SET((unsigned)fd, &nrd); - if (PERL_FD_ISSET(i,wr)) + if (wr && PERL_FD_ISSET(i,wr)) FD_SET((unsigned)fd, &nwr); - if (PERL_FD_ISSET(i,ex)) + if (ex && PERL_FD_ISSET(i,ex)) FD_SET((unsigned)fd, &nex); } errno = save_errno; - SOCKET_TEST_ERROR(r = select(nfds, prd, pwr, pex, timeout)); + SOCKET_TEST_ERROR(r = select(nfds, &nrd, &nwr, &nex, timeout)); save_errno = errno; for (i = 0; i < nfds; i++) { fd = TO_SOCKET(i); - if (PERL_FD_ISSET(i,rd) && !FD_ISSET(fd, &nrd)) + if (rd && PERL_FD_ISSET(i,rd) && !FD_ISSET(fd, &nrd)) PERL_FD_CLR(i,rd); - if (PERL_FD_ISSET(i,wr) && !FD_ISSET(fd, &nwr)) + if (wr && PERL_FD_ISSET(i,wr) && !FD_ISSET(fd, &nwr)) PERL_FD_CLR(i,wr); - if (PERL_FD_ISSET(i,ex) && !FD_ISSET(fd, &nex)) + if (ex && PERL_FD_ISSET(i,ex) && !FD_ISSET(fd, &nex)) PERL_FD_CLR(i,ex); } errno = save_errno; |