aboutgitcodebugslistschat
path: root/tcp.c
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2022-03-15 23:17:44 +0100
committerStefano Brivio <sbrivio@redhat.com>2022-03-29 15:35:38 +0200
commit3eb19cfd8a7c03920aeecae6692048429288af88 (patch)
tree88ffb6c69fab2da82a9d9910da1c57d34804d739 /tcp.c
parent66a95e331ec930e72bc06c54b283ea88b30ecbaa (diff)
downloadpasst-3eb19cfd8a7c03920aeecae6692048429288af88.tar
passt-3eb19cfd8a7c03920aeecae6692048429288af88.tar.gz
passt-3eb19cfd8a7c03920aeecae6692048429288af88.tar.bz2
passt-3eb19cfd8a7c03920aeecae6692048429288af88.tar.lz
passt-3eb19cfd8a7c03920aeecae6692048429288af88.tar.xz
passt-3eb19cfd8a7c03920aeecae6692048429288af88.tar.zst
passt-3eb19cfd8a7c03920aeecae6692048429288af88.zip
tcp, udp, util: Enforce 24-bit limit on socket numbers
This should never happen, but there are no formal guarantees: ensure socket numbers are below SOCKET_MAX. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tcp.c')
-rw-r--r--tcp.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/tcp.c b/tcp.c
index 1eeb627..fcd9a04 100644
--- a/tcp.c
+++ b/tcp.c
@@ -1971,6 +1971,11 @@ static int tcp_conn_new_sock(struct ctx *c, sa_family_t af)
if (s < 0)
s = socket(af, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP);
+ if (s > SOCKET_MAX) {
+ close(s);
+ return -EIO;
+ }
+
if (s < 0)
return -errno;
@@ -2982,6 +2987,12 @@ static int tcp_sock_refill(void *arg)
break;
}
*p4 = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP);
+ if (*p4 > SOCKET_MAX) {
+ close(*p4);
+ *p4 = -1;
+ return -EIO;
+ }
+
tcp_sock_set_bufsize(a->c, *p4);
}
@@ -2991,6 +3002,12 @@ static int tcp_sock_refill(void *arg)
}
*p6 = socket(AF_INET6, SOCK_STREAM | SOCK_NONBLOCK,
IPPROTO_TCP);
+ if (*p6 > SOCKET_MAX) {
+ close(*p6);
+ *p6 = -1;
+ return -EIO;
+ }
+
tcp_sock_set_bufsize(a->c, *p6);
}