diff options
author | Pino Toscano <toscano.pino@tiscali.it> | 2012-05-10 15:32:53 -0700 |
---|---|---|
committer | Roland McGrath <roland@hack.frob.com> | 2012-05-10 15:57:27 -0700 |
commit | c6474b07e7b5f0cdc9089c1c4fcfc4fcaa2bcd92 (patch) | |
tree | 59c394e0c9fa8a3bde967e40cea2b6567714483d | |
parent | 1043890b10996ec4b14cd01040b82610760d5d4a (diff) | |
download | glibc-c6474b07e7b5f0cdc9089c1c4fcfc4fcaa2bcd92.tar.gz |
Hurd: _hurd_select: check for invalid parameter values
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | hurd/hurdselect.c | 28 |
2 files changed, 27 insertions, 7 deletions
@@ -1,3 +1,9 @@ +2012-05-10 Pino Toscano <toscano.pino@tiscali.it> + + * hurd/hurdselect.c (_hurd_select): Return EINVAL for negative + TIMEOUT values. Return EINVAL for NFDS values either negative or + greater than FD_SETSIZE. + 2012-05-10 Samuel Thibault <samuel.thibault@ens-lyon.org> * sysdeps/mach/hurd/brk.c (_hurd_set_brk): When more space needs to be diff --git a/hurd/hurdselect.c b/hurd/hurdselect.c index 25d9d9f23a..21ba5f42a4 100644 --- a/hurd/hurdselect.c +++ b/hurd/hurdselect.c @@ -1,6 +1,5 @@ /* Guts of both `select' and `poll' for Hurd. - Copyright (C) 1991,92,93,94,95,96,97,98,99,2001 - Free Software Foundation, Inc. + Copyright (C) 1991-2012 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -49,10 +48,7 @@ _hurd_select (int nfds, error_t err; fd_set rfds, wfds, xfds; int firstfd, lastfd; - mach_msg_timeout_t to = (timeout != NULL ? - (timeout->tv_sec * 1000 + - (timeout->tv_nsec + 999999) / 1000000) : - 0); + mach_msg_timeout_t to = 0; struct { struct hurd_userlink ulink; @@ -71,6 +67,24 @@ _hurd_select (int nfds, assert (sizeof (union typeword) == sizeof (mach_msg_type_t)); assert (sizeof (uint32_t) == sizeof (mach_msg_type_t)); + if (nfds < 0 || nfds > FD_SETSIZE) + { + errno = EINVAL; + return -1; + } + + if (timeout != NULL) + { + if (timeout->tv_sec < 0 || timeout->tv_nsec < 0) + { + errno = EINVAL; + return -1; + } + + to = (timeout->tv_sec * 1000 + + (timeout->tv_nsec + 999999) / 1000000); + } + if (sigmask && __sigprocmask (SIG_SETMASK, sigmask, &oset)) return -1; @@ -364,7 +378,7 @@ _hurd_select (int nfds, } /* Look up the respondent's reply port and record its - readiness. */ + readiness. */ { int had = got; if (firstfd != -1) |