d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't write past the end of our fd_set

Browse Source 
Obtained from:	OpenBSD, via KAME
This commit is contained in:
Kris Kennaway 2000-10-08 07:58:32 +00:00
parent d35c03b40d
commit c9f7579521
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
contrib/traceroute/traceroute.c
View File

@ -882,15 +882,19 @@ int
wait_for_reply(register int sock, register struct sockaddr_in *fromp,
register struct timeval *tp)
{
fd_set fds;
fd_set *fdsp;
size_t nfds;
struct timeval now, wait;
struct timezone tz;
register int cc = 0;
register int error;
int fromlen = sizeof(*fromp);
FD_ZERO(&fds);
FD_SET(sock, &fds);
nfds = howmany(sock + 1, NFDBITS);
if ((fdsp = malloc(nfds)) == NULL)
err(1, "malloc");
memset(fdsp, 0, nfds);
FD_SET(sock, fdsp);
wait.tv_sec = tp->tv_sec + waittime;
wait.tv_usec = tp->tv_usec;
@ -901,7 +905,7 @@ wait_for_reply(register int sock, register struct sockaddr_in *fromp,
wait.tv_usec = 1;
}
error = select(sock + 1, &fds, (fd_set *)0, (fd_set *)0, &wait);
error = select(sock + 1, fdsp, NULL, NULL, &wait);
if (error == -1 && errno == EINVAL) {
Fprintf(stderr, "%s: botched select() args\n", prog);
exit(1);
@ -910,6 +914,7 @@ wait_for_reply(register int sock, register struct sockaddr_in *fromp,
cc = recvfrom(s, (char *)packet, sizeof(packet), 0,
(struct sockaddr *)fromp, &fromlen);
free(fdsp);
return(cc);
}