summaryrefslogtreecommitdiff
path: root/pppd/tty.c
diff options
context:
space:
mode:
authorPaul Mackerras <paulus@samba.org>2002-12-06 12:06:45 +0000
committerPaul Mackerras <paulus@samba.org>2002-12-06 12:06:45 +0000
commitfc8efe940e9364ffd8d05023f0d96747f854388b (patch)
treed3256afd7e9a2cf3e7d7f6376bf5c7c1c1926a73 /pppd/tty.c
parentc94534ca7dc9122687d1bc4cef38d9a81ff44048 (diff)
downloadppp-fc8efe940e9364ffd8d05023f0d96747f854388b.tar.gz
Make sure we don't do FD_SET(fd, set) with fd >= FD_SETSIZE since
that could corrupt memory, and maybe could form the basis of an attack on pppd. The problem was pointed out by Jun-ichiro itojun Hagino.
Diffstat (limited to 'pppd/tty.c')
-rw-r--r--pppd/tty.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/pppd/tty.c b/pppd/tty.c
index 803d8ba..efc92ec 100644
--- a/pppd/tty.c
+++ b/pppd/tty.c
@@ -73,7 +73,7 @@
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#define RCSID "$Id: tty.c,v 1.8 2002/12/04 23:03:33 paulus Exp $"
+#define RCSID "$Id: tty.c,v 1.9 2002/12/06 12:06:45 paulus Exp $"
#include <stdio.h>
#include <ctype.h>
@@ -993,6 +993,13 @@ charshunt(ifd, ofd, record_file)
#endif
/*
+ * Check that the fds won't overrun the fd_sets
+ */
+ if (ifd >= FD_SETSIZE || ofd >= FD_SETSIZE || pty_master >= FD_SETSIZE)
+ fatal("internal error: file descriptor too large (%d, %d, %d)",
+ ifd, ofd, pty_master);
+
+ /*
* Open the record file if required.
*/
if (record_file != NULL) {