Commits (1)
  • Deucе's avatar
    Remove check for fd <= FD_SETSIZE · fd214111
    Deucе authored
    This was preventing cryptlib from working with socket descriptors
    over FD_SETSIZE despite being patched to use poll() to avoid the
    issue it's protecting against.
    
    May fix the various SSH/SSL internal error issues.
    fd214111
diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
--- ../cl-old/io/tcp_rw.c 2021-03-21 07:25:22.336553000 -0400
+++ ./io/tcp_rw.c 2021-03-21 08:02:40.609845000 -0400
--- io/tcp_rw.c.orig 2019-02-05 18:16:32.000000000 -0500
+++ io/tcp_rw.c 2021-12-07 15:16:54.161874000 -0500
@@ -20,6 +20,10 @@
#ifdef USE_TCP
......@@ -31,7 +30,34 @@ diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
int selectIterations, status, LOOP_ITERATOR;
assert( isWritePtr( netStream, sizeof( NET_STREAM_INFO ) ) );
@@ -152,6 +161,20 @@
@@ -90,26 +99,6 @@
REQUIRES( previousDataRead == TRUE || previousDataRead == FALSE );
REQUIRES( isEnumRange( type, IOWAIT ) );
- /* Check for overflows in FD_SET(). This is an ugly implementation
- issue in which, for sufficiently badly-implemented FD_SET() macros
- (and there are plenty of these around), the macro will just take the
- provided socket descriptor and use it to index the fd_set bitmask.
- This occurs for the most common implementations under Unix (BSD) and
- BSD-derived embedded OSes, Windows gets it right and uses a bounds-
- checked array.
-
- The maximum socket descriptor is normally given by FD_SETSIZE,
- typically 64 under Windows (but we don't have to worry this since it
- does FD_SET() right) and 256 or sometimes 1024 under Unix, however
- this can be increased explicitly using setrlimit() or, from the
- shell, 'ulimit -n 512' to make it 512, which will cause an overflow.
- To deal with this, we reject any socket values less than zero (if
- it's a signed variable) or greater than FD_SETSIZE */
-#ifndef __WINDOWS__
- REQUIRES( netStream->netSocket >= 0 && \
- netStream->netSocket <= FD_SETSIZE );
-#endif /* !Windows */
-
/* Set up the information needed to handle timeouts and wait on the
socket. If there's no timeout then we wait 5ms on the theory that it
isn't noticeable to the caller but ensures that we at least get a
@@ -152,6 +141,20 @@
status = setMonoTimer( &timerInfo, timeout );
if( cryptStatusError( status ) )
return( status );
......@@ -52,7 +78,7 @@ diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
LOOP_MED( ( selectIterations = 0, status = SOCKET_ERROR ), \
isSocketError( status ) && \
( selectIterations <= 0 || \
@@ -159,6 +182,7 @@
@@ -159,6 +162,7 @@
selectIterations < 20,
selectIterations++ )
{
......@@ -60,7 +86,7 @@ diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
if( readFDPtr != NULL )
{
FD_ZERO( readFDPtr );
@@ -186,6 +210,10 @@
@@ -186,6 +190,10 @@
clearErrorState();
status = select( ( int ) netStream->netSocket + 1, readFDPtr,
writeFDPtr, &exceptfds, &tv );
......@@ -71,7 +97,7 @@ diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
/* If there's a problem and it's not something transient like an
interrupted system call, exit. For a transient problem, we just
@@ -269,7 +297,11 @@
@@ -269,7 +277,11 @@
false and an indicator to receive SIGURG's not set, the OOB data byte
just languishes in a side-buffer), however we shouldn't be receiving
OOB data so we treat that as an error too */
......@@ -83,7 +109,7 @@ diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
{
int socketErrorCode;
@@ -323,6 +355,7 @@
@@ -323,6 +335,7 @@
/* The socket is read for reading or writing */
ENSURES( status > 0 );
......@@ -91,7 +117,7 @@ diff -ur ../cl-old/io/tcp_rw.c ./io/tcp_rw.c
ENSURES( ( type == IOWAIT_READ && \
FD_ISSET( netStream->netSocket, &readfds ) ) || \
( type == IOWAIT_WRITE && \
@@ -331,6 +364,13 @@
@@ -331,6 +344,13 @@
( FD_ISSET( netStream->netSocket, &readfds ) || \
FD_ISSET( netStream->netSocket, &writefds ) ) ) || \
( type == IOWAIT_ACCEPT ) );
......