# HG changeset patch # User Eli Zaretskii # Date 1137784324 0 # Node ID 8d40a7886950ec73703b4aa815d8477120ec4201 # Parent f2e5b42a122ef8e39ab373bdb8d8239a60d57798 (sys_close): If FD is outside [0..MAXDESC) limits, pass it directly to _close. (sys_dup): Protect against new_fd larger than fd_info[] can handle. (sys_read): If FD is outside [0..MAXDESC) limits, pass it directly to _read. (sys_write): If FD is outside [0..MAXDESC) limits, pass it directly to _write. diff -r f2e5b42a122e -r 8d40a7886950 src/w32.c --- a/src/w32.c Fri Jan 20 14:19:14 2006 +0000 +++ b/src/w32.c Fri Jan 20 19:12:04 2006 +0000 @@ -3426,13 +3426,13 @@ { int rc; - if (fd < 0 || fd >= MAXDESC) + if (fd < 0) { errno = EBADF; return -1; } - if (fd_info[fd].cp) + if (fd < MAXDESC && fd_info[fd].cp) { child_process * cp = fd_info[fd].cp; @@ -3474,7 +3474,7 @@ because socket handles are fully fledged kernel handles. */ rc = _close (fd); - if (rc == 0) + if (rc == 0 && fd < MAXDESC) fd_info[fd].flags = 0; return rc; @@ -3486,7 +3486,7 @@ int new_fd; new_fd = _dup (fd); - if (new_fd >= 0) + if (new_fd >= 0 && new_fd < MAXDESC) { /* duplicate our internal info as well */ fd_info[new_fd] = fd_info[fd]; @@ -3641,13 +3641,13 @@ DWORD waiting; char * orig_buffer = buffer; - if (fd < 0 || fd >= MAXDESC) + if (fd < 0) { errno = EBADF; return -1; } - if (fd_info[fd].flags & (FILE_PIPE | FILE_SOCKET)) + if (fd < MAXDESC && fd_info[fd].flags & (FILE_PIPE | FILE_SOCKET)) { child_process *cp = fd_info[fd].cp; @@ -3785,13 +3785,13 @@ { int nchars; - if (fd < 0 || fd >= MAXDESC) + if (fd < 0) { errno = EBADF; return -1; } - if (fd_info[fd].flags & (FILE_PIPE | FILE_SOCKET)) + if (fd < MAXDESC && fd_info[fd].flags & (FILE_PIPE | FILE_SOCKET)) { if ((fd_info[fd].flags & FILE_WRITE) == 0) { @@ -3833,7 +3833,7 @@ } #ifdef HAVE_SOCKETS - if (fd_info[fd].flags & FILE_SOCKET) + if (fd < MAXDESC && fd_info[fd].flags & FILE_SOCKET) { unsigned long nblock = 0; if (winsock_lib == NULL) abort ();