(io_open, io_iopfromfd): Properly check argument FD to protect

io_list[] indexing.
(niop, io_init): Store length of io_list[] in new niop.
(player_accept): Checking the socket file descriptor here is now
redundant.  Remove.
Markus Armbruster 2004-02-06 12:12:58 +00:00
parent 0655744bf7
commit 52cb1f8c55
2 changed files with 12 additions and 12 deletions


@ -67,6 +67,7 @@
extern struct player *player; /* XXX */ extern struct player *player; /* XXX */
static struct iop **io_list; static struct iop **io_list;
static int niop;
static struct io_mask *iom; static struct io_mask *iom;
static int fdmax; /* largest file descriptor seen */ static int fdmax; /* largest file descriptor seen */
static fd_set newoutput; static fd_set newoutput;
@ -85,7 +86,8 @@ void
io_init(void) io_init(void)
{ {
iom = iom_create(IO_READ | IO_WRITE); iom = iom_create(IO_READ | IO_WRITE);
io_list = (struct iop **)calloc(getfdtablesize(), sizeof(*io_list)); niop = getfdtablesize();
io_list = (struct iop **)calloc(niop, sizeof(*io_list));
fdmax = 0; fdmax = 0;
FD_ZERO(&newoutput); FD_ZERO(&newoutput);
} }
@ -96,14 +98,18 @@ io_open(int fd, int flags, int bufsize, int (*notify) (void),
{ {
struct iop *iop; struct iop *iop;
if (fd < 0 || niop < fd)
return NULL;
if (io_list[fd] != 0) { if (io_list[fd] != 0) {
/* already exists */ /* already exists */
return 0; return NULL;
} }
flags = flags & (IO_READ | IO_WRITE | IO_NBLOCK | IO_NEWSOCK); flags = flags & (IO_READ | IO_WRITE | IO_NBLOCK | IO_NEWSOCK);
if ((flags & (IO_READ | IO_WRITE)) == 0) if ((flags & (IO_READ | IO_WRITE)) == 0)
return 0; return NULL;
iop = (struct iop *)malloc(sizeof(struct iop)); iop = (struct iop *)malloc(sizeof(struct iop));
if (!iop)
return NULL;
iop->fd = fd; iop->fd = fd;
iop->input = 0; iop->input = 0;
iop->output = 0; iop->output = 0;
@ -522,5 +528,7 @@ io_fileno(struct iop *iop)
struct iop * struct iop *
io_iopfromfd(int fd) io_iopfromfd(int fd)
{ {
if (fd < 0 || niop < fd)
return NULL;
return io_list[fd]; return io_list[fd];
} }
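Review bot: The new guard in io_open() and io_iopfromfd() is off by one: `if (fd < 0 || niop < fd)` lets fd == niop through, but io_init() allocates io_list with exactly niop elements, so `io_list[niop]` is read one slot past the array (and, if io_open stores the new iop there further down, written as well; that part of the body is outside the hunk). Both checks should read `if (fd < 0 || fd >= niop) return NULL;`. Separately, io_init() still does not check the calloc() result, so after a failed allocation io_list is NULL while niop is non-zero and the guard passes anyway; a `if (!io_list)` failure path after the calloc would close that gap. A short comment on `niop`, such as `/* number of elements in io_list[] */`, would make the invariant the guard depends on explicit.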


@ -200,7 +200,6 @@ player_accept(void *argv)
int s; int s;
short port; short port;
int val; int val;
int maxfd;
struct player *np; struct player *np;
int len; int len;
int ns; int ns;
@ -248,7 +247,6 @@ player_accept(void *argv)
exit(1); exit(1);
} }
#endif #endif
maxfd = getfdtablesize() - 1;
while (1) { while (1) {
empth_select(s, EMPTH_FD_READ); empth_select(s, EMPTH_FD_READ);
len = sizeof(sin); len = sizeof(sin);
@ -259,12 +257,6 @@ player_accept(void *argv)
} }
(void)setsockopt(ns, SOL_SOCKET, SO_KEEPALIVE, (void)setsockopt(ns, SOL_SOCKET, SO_KEEPALIVE,
(char *)&set, sizeof(set)); (char *)&set, sizeof(set));
if (ns >= maxfd) {
logerror("new fd %d, max %d, no fd's left for new user",
ns, maxfd);
close(ns);
continue;
}
np = player_new(ns, &sin); np = player_new(ns, &sin);
if (!np) { if (!np) {
logerror("can't create player for fd %d", ns); logerror("can't create player for fd %d", ns);
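Review bot: Dropping the `ns >= maxfd` block means player_accept() no longer rejects an out-of-range descriptor itself and relies on player_new() returning NULL, presumably via the FD check added to io_open() in the other file. The removed test refused ns >= getfdtablesize() - 1, whereas the new io_open() guard as written accepts fd up to and including niop, so the effective limit moves by two and no longer stays inside io_list[]. The removed block also did `close(ns)` before `continue`; the `if (!np)` branch continues outside the hunk, so please confirm it closes ns, otherwise each rejected connection leaks a descriptor. The generic "can't create player for fd %d" message also loses the descriptor-exhaustion reason the old log line gave, which makes this condition harder to spot in the logs.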