Whenever using the select() companion macro FD_SET(), one must ensure that the specified file descriptor does not exceed the fd_set limit (FD_SETSIZE). Registering a file descriptor above this limit is not defined (read: this is a buffer overflow). This is not normally exploitable on Linux because FD_SETSIZE equals the default limit for file descriptors per process, but should work on BSDs. Cygwin is also very prone to this problem (but right, we don't use it). As for Windows, it will overflow if you try to select() more than 64 sockets at a time (regardless of the total number of sockets), but for the sake of simplicity and portability, this patch actually prevents opening more than 64 sockets at all. There are still quite a bunch of plugins that need fixing.
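The check the commit message calls for, as an added example that is not code from this patch or project: a guard that refuses any descriptor outside the fd_set range before FD_SET() touches the bitmap. The helper names `fd_set_checked` and `build_read_set` are hypothetical, and the code assumes the POSIX bitmap layout of fd_set, not the Windows socket-array layout.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper: add fd to *set only if it fits in an fd_set.
 * Returns 0 on success, -1 if fd is negative or >= FD_SETSIZE. */
static int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;              /* FD_SET() here would write outside *set */
    FD_SET(fd, set);
    return 0;
}

/* Hypothetical helper: build a read set from an array of descriptors.
 * Stores the highest accepted fd in *maxfd (-1 if none was accepted), so
 * the caller can pass *maxfd + 1 as the first argument of select().
 * Returns the number of descriptors that were rejected. */
static size_t build_read_set(const int *fds, size_t n, fd_set *set, int *maxfd)
{
    size_t rejected = 0;

    FD_ZERO(set);
    *maxfd = -1;
    for (size_t i = 0; i < n; i++) {
        if (fd_set_checked(fds[i], set) != 0) {
            rejected++;         /* caller should close or log this fd */
            continue;
        }
        if (fds[i] > *maxfd)
            *maxfd = fds[i];
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample: two in-range values and three out-of-range ones. */
    int fds[] = { 0, 5, FD_SETSIZE, FD_SETSIZE + 100, -1 };
    fd_set rset;
    int maxfd;
    size_t bad = build_read_set(fds, sizeof fds / sizeof fds[0], &rset, &maxfd);

    printf("rejected=%zu maxfd=%d FD_SETSIZE=%d\n", bad, maxfd, FD_SETSIZE);
    return bad == 3 ? 0 : 1;
}
```

A process whose descriptor limit can exceed FD_SETSIZE can avoid the fixed-size bitmap altogether by using poll(), which takes an array of descriptors instead.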