MFC: Fail attempts to use file descriptors larger than SHRT_MAX. - src

diff options


context:
space:
mode:

author	John Baldwin <jhb@FreeBSD.org>	2008-03-17 17:42:26 +0000
committer	John Baldwin <jhb@FreeBSD.org>	2008-03-17 17:42:26 +0000
commit	84cc038799cb60ed4c8447a37296aefddefda184 (patch)
tree	9e508a11189c7353e2b5828b57d29c9e130ba459 /lib
parent	8a5255bd87a1c1c699c188426af8397f8c887ab9 (diff)

Notes

Diffstat (limited to 'lib')

-rw-r--r--

lib/libc/stdio/fdopen.c

-rw-r--r--

lib/libc/stdio/fopen.c

-rw-r--r--

lib/libc/stdio/freopen.c

3 files changed, 42 insertions, 0 deletions

diff --git a/lib/libc/stdio/fdopen.c b/lib/libc/stdio/fdopen.c
index 44341b39a500..2f82c2c559a8 100644
--- a/lib/libc/stdio/fdopen.c
+++ b/lib/libc/stdio/fdopen.c

@@ -45,6 +45,7 @@ static char sccsid[] = "@(#)fdopen.c 8.1 (Berkeley) 6/4/93";

#include <unistd.h>

#include <stdio.h>

#include <errno.h>

+#include <limits.h>

#include "local.h"

FILE *

@@ -59,6 +60,18 @@ fdopen(fd, mode)

if (nofile == 0)

nofile = getdtablesize();

+ /*

+ * File descriptors are a full int, but _file is only a short.

+ * If we get a valid file descriptor that is greater than

+ * SHRT_MAX, then the fd will get sign-extended into an

+ * invalid file descriptor. Handle this case by failing the

+ * open.

+ */

+ if (fd > SHRT_MAX) {

+ errno = EMFILE;

+ return (NULL);

+ }

if ((flags = __sflags(mode, &oflags)) == 0)

return (NULL);

diff --git a/lib/libc/stdio/fopen.c b/lib/libc/stdio/fopen.c
index 156840d0861b..d5ef41b9abf3 100644
--- a/lib/libc/stdio/fopen.c
+++ b/lib/libc/stdio/fopen.c

@@ -43,8 +43,10 @@ static char sccsid[] = "@(#)fopen.c 8.1 (Berkeley) 6/4/93";

#include <sys/types.h>

#include <sys/stat.h>

#include <fcntl.h>

+#include <unistd.h>

#include <stdio.h>

#include <errno.h>

+#include <limits.h>

#include "local.h"

@@ -65,6 +67,18 @@ fopen(file, mode)

fp->_flags = 0; /* release */

return (NULL);

}

+ /*

+ * File descriptors are a full int, but _file is only a short.

+ * If we get a valid file descriptor that is greater than

+ * SHRT_MAX, then the fd will get sign-extended into an

+ * invalid file descriptor. Handle this case by failing the

+ * open.

+ */

+ if (f > SHRT_MAX) {

+ _close(f);

+ errno = EMFILE;

+ return (NULL);

+ }

fp->_file = f;

fp->_flags = flags;

fp->_cookie = fp;

diff --git a/lib/libc/stdio/freopen.c b/lib/libc/stdio/freopen.c
index 3f755f85c462..b17f369a48fd 100644
--- a/lib/libc/stdio/freopen.c
+++ b/lib/libc/stdio/freopen.c

@@ -46,6 +46,7 @@ static const char rcsid[] =

#include <sys/stat.h>

#include <fcntl.h>

#include <errno.h>

+#include <limits.h>

#include <unistd.h>

#include <stdio.h>

#include <stdlib.h>

@@ -152,6 +153,20 @@ freopen(file, mode, fp)

}

+ /*

+ * File descriptors are a full int, but _file is only a short.

+ * If we get a valid file descriptor that is greater than

+ * SHRT_MAX, then the fd will get sign-extended into an

+ * invalid file descriptor. Handle this case by failing the

+ * open.

+ */

+ if (f > SHRT_MAX) {

+ fp->_flags = 0; /* set it free */

+ FUNLOCKFILE(fp);

+ errno = EMFILE;

+ return (NULL);

+ }

fp->_flags = flags;

fp->_file = f;

fp->_cookie = fp;