Change 34067: [perl #46309] Buffer overflow in win32_select() (PATCH included)

Tue, 17 Jun 2008 00:30:25 -0700 

Change 34067 by [EMAIL PROTECTED] on 2008/06/17 07:23:51

        Subject: [perl #46309] Buffer overflow in win32_select() (PATCH 
included) 
        From: Risto Kankkunen (via RT) <[EMAIL PROTECTED]>
        Date: Wed, 10 Oct 2007 02:44:13 -0700
        Message-ID: <[EMAIL PROTECTED]>

Affected files ...

... //depot/perl/win32/win32sck.c#49 edit

Differences ...

==== //depot/perl/win32/win32sck.c#49 (text) ====
Index: perl/win32/win32sck.c
--- perl/win32/win32sck.c#48~31469~     2007-06-26 00:38:05.000000000 -0700
+++ perl/win32/win32sck.c       2008-06-17 00:23:51.000000000 -0700
@@ -259,9 +259,8 @@
 {
     int r;
 #ifdef USE_SOCKETS_AS_HANDLES
-    Perl_fd_set dummy;
     int i, fd, save_errno = errno;
-    FD_SET nrd, nwr, nex, *prd, *pwr, *pex;
+    FD_SET nrd, nwr, nex;
 
     /* winsock seems incapable of dealing with all three null fd_sets,
      * so do the (millisecond) sleep as a special case
@@ -275,44 +274,31 @@
        return 0;
     }
     StartSockets();
-    PERL_FD_ZERO(&dummy);
-    if (!rd)
-       rd = &dummy, prd = NULL;
-    else
-       prd = &nrd;
-    if (!wr)
-       wr = &dummy, pwr = NULL;
-    else
-       pwr = &nwr;
-    if (!ex)
-       ex = &dummy, pex = NULL;
-    else
-       pex = &nex;
 
     FD_ZERO(&nrd);
     FD_ZERO(&nwr);
     FD_ZERO(&nex);
     for (i = 0; i < nfds; i++) {
        fd = TO_SOCKET(i);
-       if (PERL_FD_ISSET(i,rd))
+       if (rd && PERL_FD_ISSET(i,rd))
            FD_SET((unsigned)fd, &nrd);
-       if (PERL_FD_ISSET(i,wr))
+       if (wr && PERL_FD_ISSET(i,wr))
            FD_SET((unsigned)fd, &nwr);
-       if (PERL_FD_ISSET(i,ex))
+       if (ex && PERL_FD_ISSET(i,ex))
            FD_SET((unsigned)fd, &nex);
     }
 
     errno = save_errno;
-    SOCKET_TEST_ERROR(r = select(nfds, prd, pwr, pex, timeout));
+    SOCKET_TEST_ERROR(r = select(nfds, &nrd, &nwr, &nex, timeout));
     save_errno = errno;
 
     for (i = 0; i < nfds; i++) {
        fd = TO_SOCKET(i);
-       if (PERL_FD_ISSET(i,rd) && !FD_ISSET(fd, &nrd))
+       if (rd && PERL_FD_ISSET(i,rd) && !FD_ISSET(fd, &nrd))
            PERL_FD_CLR(i,rd);
-       if (PERL_FD_ISSET(i,wr) && !FD_ISSET(fd, &nwr))
+       if (wr && PERL_FD_ISSET(i,wr) && !FD_ISSET(fd, &nwr))
            PERL_FD_CLR(i,wr);
-       if (PERL_FD_ISSET(i,ex) && !FD_ISSET(fd, &nex))
+       if (ex && PERL_FD_ISSET(i,ex) && !FD_ISSET(fd, &nex))
            PERL_FD_CLR(i,ex);
     }
     errno = save_errno;
End of Patch.

Reply via email to