(io_open, io_iopfromfd): Properly check argument FD to protect
io_list[] indexing. (niop, io_init): Store length of io_list[] in new niop. (player_accept): Checking the socket file descriptor here is now redundant. Remove.
This commit is contained in:
parent
0655744bf7
commit
52cb1f8c55
2 changed files with 12 additions and 12 deletions
|
|
@ -67,6 +67,7 @@
|
|||
extern struct player *player; /* XXX */
|
||||
|
||||
static struct iop **io_list;
|
||||
static int niop;
|
||||
static struct io_mask *iom;
|
||||
static int fdmax; /* largest file descriptor seen */
|
||||
static fd_set newoutput;
|
||||
|
|
@ -85,7 +86,8 @@ void
|
|||
io_init(void)
|
||||
{
|
||||
iom = iom_create(IO_READ | IO_WRITE);
|
||||
io_list = (struct iop **)calloc(getfdtablesize(), sizeof(*io_list));
|
||||
niop = getfdtablesize();
|
||||
io_list = (struct iop **)calloc(niop, sizeof(*io_list));
|
||||
fdmax = 0;
|
||||
FD_ZERO(&newoutput);
|
||||
}
|
||||
|
|
@ -96,14 +98,18 @@ io_open(int fd, int flags, int bufsize, int (*notify) (void),
|
|||
{
|
||||
struct iop *iop;
|
||||
|
||||
if (fd < 0 || niop < fd)
|
||||
return NULL;
|
||||
if (io_list[fd] != 0) {
|
||||
/* already exists */
|
||||
return 0;
|
||||
return NULL;
|
||||
}
|
||||
flags = flags & (IO_READ | IO_WRITE | IO_NBLOCK | IO_NEWSOCK);
|
||||
if ((flags & (IO_READ | IO_WRITE)) == 0)
|
||||
return 0;
|
||||
return NULL;
|
||||
iop = (struct iop *)malloc(sizeof(struct iop));
|
||||
if (!iop)
|
||||
return NULL;
|
||||
iop->fd = fd;
|
||||
iop->input = 0;
|
||||
iop->output = 0;
|
||||
|
|
@ -522,5 +528,7 @@ io_fileno(struct iop *iop)
|
|||
struct iop *
|
||||
io_iopfromfd(int fd)
|
||||
{
|
||||
if (fd < 0 || niop < fd)
|
||||
return NULL;
|
||||
return io_list[fd];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -200,7 +200,6 @@ player_accept(void *argv)
|
|||
int s;
|
||||
short port;
|
||||
int val;
|
||||
int maxfd;
|
||||
struct player *np;
|
||||
int len;
|
||||
int ns;
|
||||
|
|
@ -248,7 +247,6 @@ player_accept(void *argv)
|
|||
exit(1);
|
||||
}
|
||||
#endif
|
||||
maxfd = getfdtablesize() - 1;
|
||||
while (1) {
|
||||
empth_select(s, EMPTH_FD_READ);
|
||||
len = sizeof(sin);
|
||||
|
|
@ -259,12 +257,6 @@ player_accept(void *argv)
|
|||
}
|
||||
(void)setsockopt(ns, SOL_SOCKET, SO_KEEPALIVE,
|
||||
(char *)&set, sizeof(set));
|
||||
if (ns >= maxfd) {
|
||||
logerror("new fd %d, max %d, no fd's left for new user",
|
||||
ns, maxfd);
|
||||
close(ns);
|
||||
continue;
|
||||
}
|
||||
np = player_new(ns, &sin);
|
||||
if (!np) {
|
||||
logerror("can't create player for fd %d", ns);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue