summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-06-30 11:01:40 -0700
committerJeremy Allison <jra@samba.org>2011-06-30 21:15:25 +0200
commit1053a24a87f341fcd5578db56bc8b3962e63bb98 (patch)
treed03f95eab069c2a130d4709d48c5c8586876dea1
parent4804013210ba620a6d20fd813017ac383cc3b946 (diff)
downloadsamba-1053a24a87f341fcd5578db56bc8b3962e63bb98.tar.gz
samba-1053a24a87f341fcd5578db56bc8b3962e63bb98.tar.bz2
samba-1053a24a87f341fcd5578db56bc8b3962e63bb98.zip
Part of fix for bug 8276 - FD_SET out of bounds access crash.
Ensure we never add fd's set to -1 to the pollfd set. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jun 30 21:15:25 CEST 2011 on sn-devel-104
-rw-r--r--source3/nmbd/nmbd_packets.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/source3/nmbd/nmbd_packets.c b/source3/nmbd/nmbd_packets.c
index a89f49c8fc..0324c9dd42 100644
--- a/source3/nmbd/nmbd_packets.c
+++ b/source3/nmbd/nmbd_packets.c
@@ -1698,7 +1698,12 @@ static bool create_listen_pollfds(struct pollfd **pfds,
for (subrec = FIRST_SUBNET;
subrec != NULL;
subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
- count += 2; /* nmb_sock and dgram_sock */
+ if (subrec->nmb_sock != -1) {
+ count += 1;
+ }
+ if (subrec->dgram_sock != -1) {
+ count += 1;
+ }
if (subrec->nmb_bcast != -1) {
count += 1;
}
@@ -1736,10 +1741,12 @@ static bool create_listen_pollfds(struct pollfd **pfds,
for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
- fds[num].fd = subrec->nmb_sock;
- attrs[num].type = NMB_PACKET;
- attrs[num].broadcast = false;
- num += 1;
+ if (subrec->nmb_sock != -1) {
+ fds[num].fd = subrec->nmb_sock;
+ attrs[num].type = NMB_PACKET;
+ attrs[num].broadcast = false;
+ num += 1;
+ }
if (subrec->nmb_bcast != -1) {
fds[num].fd = subrec->nmb_bcast;
@@ -1748,10 +1755,12 @@ static bool create_listen_pollfds(struct pollfd **pfds,
num += 1;
}
- fds[num].fd = subrec->dgram_sock;
- attrs[num].type = DGRAM_PACKET;
- attrs[num].broadcast = false;
- num += 1;
+ if (subrec->dgram_sock != -1) {
+ fds[num].fd = subrec->dgram_sock;
+ attrs[num].type = DGRAM_PACKET;
+ attrs[num].broadcast = false;
+ num += 1;
+ }
if (subrec->dgram_bcast != -1) {
fds[num].fd = subrec->dgram_bcast;