summaryrefslogtreecommitdiffstats
path: root/source/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source/smbd')
-rw-r--r--source/smbd/dnsregister.c6
-rw-r--r--source/smbd/oplock.c5
-rw-r--r--source/smbd/oplock_irix.c5
-rw-r--r--source/smbd/process.c2
-rw-r--r--source/smbd/server.c29
5 files changed, 37 insertions, 10 deletions
diff --git a/source/smbd/dnsregister.c b/source/smbd/dnsregister.c
index f02739ef8df..3c689b9cf3e 100644
--- a/source/smbd/dnsregister.c
+++ b/source/smbd/dnsregister.c
@@ -125,6 +125,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr,
*/
if (dns_state->srv_ref != NULL) {
mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
+ if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
+ return;
+ }
FD_SET(mdnsd_conn_fd, listen_set);
return;
}
@@ -156,6 +159,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr,
}
mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
+ if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
+ return;
+ }
FD_SET(mdnsd_conn_fd, listen_set);
*maxfd = MAX(*maxfd, mdnsd_conn_fd);
*timeout = timeval_zero();
diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
index a07d05d080c..5ae3fdfe22e 100644
--- a/source/smbd/oplock.c
+++ b/source/smbd/oplock.c
@@ -241,7 +241,10 @@ bool downgrade_oplock(files_struct *fsp)
int oplock_notify_fd(void)
{
if (koplocks) {
- return koplocks->notification_fd;
+ int fd = koplocks->notification_fd;
+ if (fd < 0 || fd >= FD_SETSIZE) {
+ return -1;
+ }
}
return -1;
diff --git a/source/smbd/oplock_irix.c b/source/smbd/oplock_irix.c
index 8c287c9836e..6e86fac65b2 100644
--- a/source/smbd/oplock_irix.c
+++ b/source/smbd/oplock_irix.c
@@ -284,6 +284,11 @@ struct kernel_oplocks *irix_init_kernel_oplocks(void)
return False;
}
+ if (pfd[0] < 0 || pfd[0] >= FD_SETSIZE) {
+ DEBUG(0,("setup_kernel_oplock_pipe: fd out of range.\n"));
+ return False;
+ }
+
oplock_pipe_read = pfd[0];
oplock_pipe_write = pfd[1];
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 403c7c65772..9b8f29b771b 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -698,7 +698,7 @@ static void async_processing(fd_set *pfds)
static int select_on_fd(int fd, int maxfd, fd_set *fds)
{
- if (fd != -1) {
+ if (fd != -1 && fd < FD_SETSIZE) {
FD_SET(fd, fds);
maxfd = MAX(maxfd, fd);
}
diff --git a/source/smbd/server.c b/source/smbd/server.c
index 51294847307..a670334a106 100644
--- a/source/smbd/server.c
+++ b/source/smbd/server.c
@@ -209,7 +209,13 @@ static bool open_sockets_inetd(void)
/* Started from inetd. fd 0 is the socket. */
/* We will abort gracefully when the client or remote system
goes away */
- smbd_set_server_fd(dup(0));
+ int fd = dup(0);
+
+ if (fd < 0 || fd >= FD_SETSIZE) {
+ return false;
+ }
+
+ smbd_set_server_fd(fd);
/* close our standard file descriptors */
close_low_fds(False); /* Don't close stderr */
@@ -436,7 +442,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
num_sockets == 0 ? 0 : 2,
ifss,
true);
- if(s == -1) {
+ if(s < 0 || s >= FD_SETSIZE) {
+ close(s);
continue;
}
@@ -516,7 +523,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
num_sockets == 0 ? 0 : 2,
&ss,
true);
- if (s == -1) {
+ if (s < 0 || s >= FD_SETSIZE) {
continue;
}
@@ -709,6 +716,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
struct sockaddr addr;
socklen_t in_addrlen = sizeof(addr);
pid_t child = 0;
+ int fd;
s = -1;
for(i = 0; i < num_sockets; i++) {
@@ -721,16 +729,21 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
}
}
- smbd_set_server_fd(accept(s,&addr,&in_addrlen));
-
- if (smbd_server_fd() == -1 && errno == EINTR)
+ fd = accept(s,&addr,&in_addrlen);
+ if (fd == -1 && errno == EINTR)
continue;
-
- if (smbd_server_fd() == -1) {
+ if (fd == -1) {
DEBUG(2,("open_sockets_smbd: accept: %s\n",
strerror(errno)));
continue;
}
+ if (fd < 0 || fd >= FD_SETSIZE) {
+ DEBUG(2,("open_sockets_smbd: bad fd %d\n",
+ fd ));
+ continue;
+ }
+
+ smbd_set_server_fd(fd);
/* Ensure child is set to blocking mode */
set_blocking(smbd_server_fd(),True);
generated by cgit (git 2.34.1) at 2024-05-26 22:47:07 +0000