Subject: [PATCH 2/5] Fix integer shift overflow if both tcp_socket and udp_socket are set

[PATCH 2/5] Fix integer shift overflow if both tcp_socket and udp_socket are set

From: Gregor Jasny <gjasny_at_googlemail.com>
Date: Sun, 28 Sep 2014 22:19:24 +0200

The problem occurs if at the start of the loop the sockindex is at the
last valid ARES_GETSOCK_MAXNUM position. If then both udp_socket and
tcp_socket are valid, sockindex gets incremented for UDP first and
points one entry behind the array for the tcp block.
So the fix is to check after every increment of sockindex if it is still
valid.

Fix Coverity error CID 56878

Signed-off-by: Gregor Jasny <gjasny_at_googlemail.com>

---
 ares_getsock.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/ares_getsock.c b/ares_getsock.c
index 07d2854..22d3446 100644
--- a/ares_getsock.c
+++ b/ares_getsock.c
@@ -30,9 +30,7 @@ int ares_getsock(ares_channel channel,
   /* Are there any active queries? */
   int active_queries = !ares__is_list_empty(&(channel->all_queries));
 
-  for (i = 0;
-       (i < channel->nservers) && (sockindex < ARES_GETSOCK_MAXNUM);
-       i++)
+  for (i = 0; i < channel->nservers; i++)
     {
       server = &channel->servers[i];
       /* We only need to register interest in UDP sockets if we have
@@ -40,7 +38,7 @@ int ares_getsock(ares_channel channel,
        */
       if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
         {
-          if(sockindex >= numsocks)
+          if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
             break;
           socks[sockindex] = server->udp_socket;
           bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
@@ -52,7 +50,7 @@ int ares_getsock(ares_channel channel,
        */
       if (server->tcp_socket != ARES_SOCKET_BAD)
        {
-         if(sockindex >= numsocks)
+         if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
            break;
          socks[sockindex] = server->tcp_socket;
          bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
-- 
1.9.3 (Apple Git-50)
Received on 2014-09-28