author | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-04 16:45:36 +0200 |
---|---|---|
committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2023-05-05 22:15:23 +0200 |
commit | cc938f1ce0f1eafc435e0dd1d9fe45aaedc526e1 (patch) | |
tree | 4b2b78884264f2652a2c9a43cc640cff82f5c80d /src/shared | |
parent | 77be02ad3cca5150fb84fc452dfda34e61f9ab8c (diff) | |
download | systemd-cc938f1ce0f1eafc435e0dd1d9fe45aaedc526e1.tar.gz |
shared: refuse fd == INT_MAX
Since we do `FD_TO_PTR(fd)` that expands to `INT_TO_PTR(fd) + 1` which
triggers an integer overflow.
Resolves: #27522
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/fdset.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/shared/fdset.c b/src/shared/fdset.c
index d816a3e4ef..2138ffcdb9 100644
--- a/src/shared/fdset.c
+++ b/src/shared/fdset.c
@@ -77,6 +77,10 @@ int fdset_put(FDSet *s, int fd) {
 assert(s);
 assert(fd >= 0);
+ /* Avoid integer overflow in FD_TO_PTR() */
+ if (fd == INT_MAX)
+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing invalid fd: %d", fd);
+
 return set_put(MAKE_SET(s), FD_TO_PTR(fd));
 }
@@ -115,6 +119,12 @@ bool fdset_contains(FDSet *s, int fd) {
 assert(s);
 assert(fd >= 0);
+ /* Avoid integer overflow in FD_TO_PTR() */
+ if (fd == INT_MAX) {
+ log_debug("Refusing invalid fd: %d", fd);
+ return false;
+ }
+
 return !!set_get(MAKE_SET(s), FD_TO_PTR(fd));
 }
@@ -122,6 +132,10 @@ int fdset_remove(FDSet *s, int fd) {
 assert(s);
 assert(fd >= 0);
+ /* Avoid integer overflow in FD_TO_PTR() */
+ if (fd == INT_MAX)
+ return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "Refusing invalid fd: %d", fd);
+
 return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT;
 } |
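Review bot: The `fd == INT_MAX` guard added to fdset_put() is copied verbatim into fdset_contains() and fdset_remove() in the next two hunks, so any FD_TO_PTR() use elsewhere in fdset.c (not visible here) stays unguarded and a later caller can forget the check. A single static helper, e.g. `static bool fd_is_storable(int fd) { return fd >= 0 && fd < INT_MAX; }`, called from all three would keep the bound in one place. The comment would also be clearer if it named the cause: `/* FD_TO_PTR() stores fd + 1, which overflows a signed int for INT_MAX */`. The lower bound is still enforced only by `assert(fd >= 0)`, and all three function bodies begin outside their hunks.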
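Review bot: fdset_remove() reports INT_MAX as `ENOENT` while fdset_put() reports the same input as `EINVAL`, yet both log the same "Refusing invalid fd" text, which reads like an argument error. If ENOENT is deliberate so that callers handling only the existing `-ENOENT` return keep working, the comment should say so, e.g. `/* INT_MAX can never have been stored, so report it as not found */`. The function body begins outside the hunk.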