Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
From: Damien Miller <djm () mindrot org>
Date: Sat, 29 Jan 2005 10:17:00 +1100
David LeBlanc wrote:

    if (__i == ((fd_set FAR *)(set))->fd_count) { \
        if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
            ((fd_set FAR *)(set))->fd_array[__i] = (fd); \
            ((fd_set FAR *)(set))->fd_count++; \
        } \
    } \
} while(0) 
So if you attempted to put FD_SETSIZE + 1 sockets into an fd_set, it
would just fail.


This effectively limits select to a maximum of FD_SETSIZE descriptors on
Windows. I don't think that this limitiation exists on other platforms.

Correctly written programs dynamically allocate their FD_SETs to avoid
these problems (or they use poll or some other mechanism instead).

-d

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]