summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPino Toscano <toscano.pino@tiscali.it>2012-05-10 15:32:53 -0700
committerRoland McGrath <roland@hack.frob.com>2012-05-10 15:57:27 -0700
commitc6474b07e7b5f0cdc9089c1c4fcfc4fcaa2bcd92 (patch)
tree59c394e0c9fa8a3bde967e40cea2b6567714483d
parent1043890b10996ec4b14cd01040b82610760d5d4a (diff)
downloadglibc-c6474b07e7b5f0cdc9089c1c4fcfc4fcaa2bcd92.tar.gz
Hurd: _hurd_select: check for invalid parameter values
-rw-r--r--ChangeLog6
-rw-r--r--hurd/hurdselect.c28
2 files changed, 27 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index 11fdd81c12..d244bdb82f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-05-10 Pino Toscano <toscano.pino@tiscali.it>
+
+ * hurd/hurdselect.c (_hurd_select): Return EINVAL for negative
+ TIMEOUT values. Return EINVAL for NFDS values either negative or
+ greater than FD_SETSIZE.
+
2012-05-10 Samuel Thibault <samuel.thibault@ens-lyon.org>
* sysdeps/mach/hurd/brk.c (_hurd_set_brk): When more space needs to be
diff --git a/hurd/hurdselect.c b/hurd/hurdselect.c
index 25d9d9f23a..21ba5f42a4 100644
--- a/hurd/hurdselect.c
+++ b/hurd/hurdselect.c
@@ -1,6 +1,5 @@
/* Guts of both `select' and `poll' for Hurd.
- Copyright (C) 1991,92,93,94,95,96,97,98,99,2001
- Free Software Foundation, Inc.
+ Copyright (C) 1991-2012 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -49,10 +48,7 @@ _hurd_select (int nfds,
error_t err;
fd_set rfds, wfds, xfds;
int firstfd, lastfd;
- mach_msg_timeout_t to = (timeout != NULL ?
- (timeout->tv_sec * 1000 +
- (timeout->tv_nsec + 999999) / 1000000) :
- 0);
+ mach_msg_timeout_t to = 0;
struct
{
struct hurd_userlink ulink;
@@ -71,6 +67,24 @@ _hurd_select (int nfds,
assert (sizeof (union typeword) == sizeof (mach_msg_type_t));
assert (sizeof (uint32_t) == sizeof (mach_msg_type_t));
+ if (nfds < 0 || nfds > FD_SETSIZE)
+ {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (timeout != NULL)
+ {
+ if (timeout->tv_sec < 0 || timeout->tv_nsec < 0)
+ {
+ errno = EINVAL;
+ return -1;
+ }
+
+ to = (timeout->tv_sec * 1000 +
+ (timeout->tv_nsec + 999999) / 1000000);
+ }
+
if (sigmask && __sigprocmask (SIG_SETMASK, sigmask, &oset))
return -1;
@@ -364,7 +378,7 @@ _hurd_select (int nfds,
}
/* Look up the respondent's reply port and record its
- readiness. */
+ readiness. */
{
int had = got;
if (firstfd != -1)