commit 52ec4848225a0e9f577272015ced52c45923d4ba
parent cfdcaf72ca60db28ad8a7240a5a09e99151cab24
Author: jvoisin <julien.voisin@dustri.org>
Date: Thu, 16 Nov 2023 16:42:41 +0100
Add hardening for select()
This is unlikely to be used, since fd_set is
usually manipulated by macros, but it doesn't hurt
to add a simple comparison.
Diffstat:
4 files changed, 46 insertions(+), 0 deletions(-)
diff --git a/include/sys/select.h b/include/sys/select.h
@@ -67,6 +67,18 @@ _STI int __fortify_FD_ISSET(int __f, fd_set * _FORTIFY_POS0 __s)
#undef FD_ISSET
#define FD_ISSET(fd, set) __fortify_FD_ISSET(fd, set)
+#ifndef __clang__
+#undef select
+_FORTIFY_FN(select) int select(int nfds, fd_set* readfds,
+ fd_set* writefds,
+ fd_set* exceptfds,
+ struct timeval *timeout){
+ if (nfds > FD_SETSIZE + 1)
+ __builtin_trap();
+ return __orig_select(nfds, readfds, writefds, exceptfds, timeout);
+}
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/tests/Makefile b/tests/Makefile
@@ -78,6 +78,8 @@ RUNTIME_TARGETS= \
test_recv_static \
test_recvfrom_dynamic \
test_recvfrom_static \
+ test_select_dynamic \
+ test_select_static \
test_send_dynamic \
test_send_static \
test_sendto_dynamic \
diff --git a/tests/test_select_dynamic.c b/tests/test_select_dynamic.c
@@ -0,0 +1,16 @@
+#include "common.h"
+
+#include <sys/select.h>
+
+int main(int argc, char** argv) {
+#if !defined(__clang__)
+ fd_set rfds;
+
+ CHK_FAIL_START
+ select(FD_SETSIZE + argc, &rfds, NULL, NULL, NULL);
+ CHK_FAIL_END
+
+ puts((const char*)&rfds);
+#endif
+ return ret;
+}
diff --git a/tests/test_select_static.c b/tests/test_select_static.c
@@ -0,0 +1,16 @@
+#include "common.h"
+
+#include <sys/select.h>
+
+int main(int argc, char** argv) {
+#if !defined(__clang__)
+ fd_set rfds;
+
+ CHK_FAIL_START
+ select(1337, &rfds, NULL, NULL, NULL);
+ CHK_FAIL_END
+
+ puts((const char*)&rfds);
+#endif
+ return ret;
+}
