Fix integer shift overflow if both tcp_socket and udp_socket are set
The problem occurs if, at the start of the loop, sockindex is at the last valid ARES_GETSOCK_MAXNUM position. If both udp_socket and tcp_socket are then valid, sockindex is incremented for UDP first and points one entry past the end of the array in the TCP block. The fix is to check after every increment of sockindex whether it is still valid. Fix Coverity error CID 56878 Signed-off-by: Gregor Jasny <gjasny@googlemail.com>
parent
13dc4800b2
commit
7db1afd38f
|
@ -30,9 +30,7 @@ int ares_getsock(ares_channel channel,
|
|||
/* Are there any active queries? */
|
||||
int active_queries = !ares__is_list_empty(&(channel->all_queries));
|
||||
|
||||
for (i = 0;
|
||||
(i < channel->nservers) && (sockindex < ARES_GETSOCK_MAXNUM);
|
||||
i++)
|
||||
for (i = 0; i < channel->nservers; i++)
|
||||
{
|
||||
server = &channel->servers[i];
|
||||
/* We only need to register interest in UDP sockets if we have
|
||||
|
@ -40,7 +38,7 @@ int ares_getsock(ares_channel channel,
|
|||
*/
|
||||
if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
|
||||
{
|
||||
if(sockindex >= numsocks)
|
||||
if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
|
||||
break;
|
||||
socks[sockindex] = server->udp_socket;
|
||||
bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
|
||||
|
@ -52,7 +50,7 @@ int ares_getsock(ares_channel channel,
|
|||
*/
|
||||
if (server->tcp_socket != ARES_SOCKET_BAD)
|
||||
{
|
||||
if(sockindex >= numsocks)
|
||||
if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
|
||||
break;
|
||||
socks[sockindex] = server->tcp_socket;
|
||||
bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
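Review bot: The two-part guard `if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)` is now duplicated in the UDP and the TCP block, so a later edit that adds another use of sockindex can easily copy only half of it and reintroduce the out-of-range index. Clamping once before the loop, `if(numsocks > ARES_GETSOCK_MAXNUM) numsocks = ARES_GETSOCK_MAXNUM;`, would let both blocks keep the single test `if(sockindex >= numsocks)`. The `break` also silently stops reporting sockets for every remaining server, so the guard deserves a comment such as `/* socks[] and the bitmap carry at most ARES_GETSOCK_MAXNUM entries; sockets beyond that are not reported */`. The body of ares_getsock starts before and continues after the visible hunks, so whether a caller can detect this truncation from the return value cannot be confirmed here.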
|
||||
|
|