www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Braithwaite <...@alink.net>
Subject general/2247: FD_SET should not be called without bounds checking
Date Tue, 19 May 1998 01:29:25 GMT

>Number:         2247
>Category:       general
>Synopsis:       FD_SET should not be called without bounds checking
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon May 18 18:30:01 PDT 1998
>Last-Modified:
>Originator:     mab@alink.net
>Organization:
apache
>Release:        1.2.6
>Environment:
BSDI 3.1
>Description:
so, FD_SET sets a bit in a statically sized array.  at least under BSDI, its
behavior is documented to be undefined if the bit being set is outside what's
allowed by FD_SETSIZE.  although of course one may increase FD_SETSIZE, this
doesn't really solve the problem.  the right thing is to check all calls to 
FD_SET, so that apache doesn't indiscriminately twiddle bits on the stack.
the symptoms of this problem can include failing to answer on some Listen
directives, and SEGVs.

it is really a separate subject, but, under OSes like BSDI that support
more or less arbitrary FD_SETSIZEes, it would win big if apache used something
like FD_REALLOC, rather than forcing you to compile in (and hence hardcode) the
FD_SETSIZE you want.
>How-To-Repeat:
try lots of listen statements under BSDI (~200 and some).
>Fix:
i would send a patch, but i don't know how to do error exits cleanly from
some of the places where FD_SET is called, such as the lingering close
handler.  conceptually the fix is simple:  just compare every call to FD_SET
with FD_SETSIZE on OSes that don't support arbitrary setsizes, and allocate a
sufficiently large set on those that do.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]




Mime
View raw message