diff options
author | Steffan Karger | 2016-03-03 10:22:48 +0100 |
---|---|---|
committer | Gert Doering | 2016-03-06 11:14:44 +0100 |
commit | e0b3fd49e2b5bba8cb57419a13cb75b56ac91b94 (patch) | |
tree | 433b8d535f82776696a564972d3030f041d88a08 /src/openvpn/proxy.c | |
parent | 13de0103ea361e2be24ab8b16f5be269c6ab7496 (diff) | |
download | openvpn-e0b3fd49e2b5bba8cb57419a13cb75b56ac91b94.zip openvpn-e0b3fd49e2b5bba8cb57419a13cb75b56ac91b94.tar.gz |
hardening: add safe FD_SET() wrapper openvpn_fd_set()
On many platforms (not Windows, for once), FD_SET() can write outside the
given fd_set if an fd >= FD_SETSIZE is given. To make sure we don't do
that, add an ASSERT() to error out with a clear error message when this
does happen.
This patch was inspired by remarks about FD_SET() from Sebastian Krahmer
of the SuSE Security Team.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1456996968-29472-1-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11285
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/proxy.c')
-rw-r--r-- | src/openvpn/proxy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 2568e19..8ff6458 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -92,7 +92,7 @@ recv_line (socket_descriptor_t sd, } FD_ZERO (&reads); - FD_SET (sd, &reads); + openvpn_fd_set (sd, &reads); tv.tv_sec = timeout_sec; tv.tv_usec = 0; |