diff options
Diffstat (limited to 'source/smbd')
-rw-r--r-- | source/smbd/dnsregister.c | 6 | ||||
-rw-r--r-- | source/smbd/oplock.c | 5 | ||||
-rw-r--r-- | source/smbd/oplock_irix.c | 5 | ||||
-rw-r--r-- | source/smbd/process.c | 2 | ||||
-rw-r--r-- | source/smbd/server.c | 29 |
5 files changed, 37 insertions, 10 deletions
diff --git a/source/smbd/dnsregister.c b/source/smbd/dnsregister.c index f02739ef8df..3c689b9cf3e 100644 --- a/source/smbd/dnsregister.c +++ b/source/smbd/dnsregister.c @@ -125,6 +125,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr, */ if (dns_state->srv_ref != NULL) { mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref); + if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) { + return; + } FD_SET(mdnsd_conn_fd, listen_set); return; } @@ -156,6 +159,9 @@ void dns_register_smbd(struct dns_reg_state ** dns_state_ptr, } mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref); + if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) { + return; + } FD_SET(mdnsd_conn_fd, listen_set); *maxfd = MAX(*maxfd, mdnsd_conn_fd); *timeout = timeval_zero(); diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index a07d05d080c..5ae3fdfe22e 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -241,7 +241,10 @@ bool downgrade_oplock(files_struct *fsp) int oplock_notify_fd(void) { if (koplocks) { - return koplocks->notification_fd; + int fd = koplocks->notification_fd; + if (fd < 0 || fd >= FD_SETSIZE) { + return -1; + } } return -1; diff --git a/source/smbd/oplock_irix.c b/source/smbd/oplock_irix.c index 8c287c9836e..6e86fac65b2 100644 --- a/source/smbd/oplock_irix.c +++ b/source/smbd/oplock_irix.c @@ -284,6 +284,11 @@ struct kernel_oplocks *irix_init_kernel_oplocks(void) return False; } + if (pfd[0] < 0 || pfd[0] >= FD_SETSIZE) { + DEBUG(0,("setup_kernel_oplock_pipe: fd out of range.\n")); + return False; + } + oplock_pipe_read = pfd[0]; oplock_pipe_write = pfd[1]; diff --git a/source/smbd/process.c b/source/smbd/process.c index 403c7c65772..9b8f29b771b 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -698,7 +698,7 @@ static void async_processing(fd_set *pfds) static int select_on_fd(int fd, int maxfd, fd_set *fds) { - if (fd != -1) { + if (fd != -1 && fd < FD_SETSIZE) { FD_SET(fd, fds); maxfd = MAX(maxfd, fd); } diff --git a/source/smbd/server.c b/source/smbd/server.c index 51294847307..a670334a106 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -209,7 +209,13 @@ static bool open_sockets_inetd(void) /* Started from inetd. fd 0 is the socket. */ /* We will abort gracefully when the client or remote system goes away */ - smbd_set_server_fd(dup(0)); + int fd = dup(0); + + if (fd < 0 || fd >= FD_SETSIZE) { + return false; + } + + smbd_set_server_fd(fd); /* close our standard file descriptors */ close_low_fds(False); /* Don't close stderr */ @@ -436,7 +442,8 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ num_sockets == 0 ? 0 : 2, ifss, true); - if(s == -1) { + if(s < 0 || s >= FD_SETSIZE) { + close(s); continue; } @@ -516,7 +523,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ num_sockets == 0 ? 0 : 2, &ss, true); - if (s == -1) { + if (s < 0 || s >= FD_SETSIZE) { continue; } @@ -709,6 +716,7 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ struct sockaddr addr; socklen_t in_addrlen = sizeof(addr); pid_t child = 0; + int fd; s = -1; for(i = 0; i < num_sockets; i++) { @@ -721,16 +729,21 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ } } - smbd_set_server_fd(accept(s,&addr,&in_addrlen)); - - if (smbd_server_fd() == -1 && errno == EINTR) + fd = accept(s,&addr,&in_addrlen); + if (fd == -1 && errno == EINTR) continue; - - if (smbd_server_fd() == -1) { + if (fd == -1) { DEBUG(2,("open_sockets_smbd: accept: %s\n", strerror(errno))); continue; } + if (fd < 0 || fd >= FD_SETSIZE) { + DEBUG(2,("open_sockets_smbd: bad fd %d\n", + fd )); + continue; + } + + smbd_set_server_fd(fd); /* Ensure child is set to blocking mode */ set_blocking(smbd_server_fd(),True); |