mirror of https://github.com/moparisthebest/sslh
check fd < FD_SETSIZE
parent
536f7dee83
commit
e3159409c0
|
@ -3,6 +3,10 @@ vNEXT:
|
||||||
See README for iptables magic and capability
|
See README for iptables magic and capability
|
||||||
management.
|
management.
|
||||||
|
|
||||||
|
Fixed bug in sslh-select: if number of opened file
|
||||||
|
descriptor became bigger than FD_SETSIZE, bad things
|
||||||
|
would happen.
|
||||||
|
|
||||||
Fixed bug in sslh-select: if socket dropped while
|
Fixed bug in sslh-select: if socket dropped while
|
||||||
defered_data was present, sslh-select would crash.
|
defered_data was present, sslh-select would crash.
|
||||||
|
|
||||||
|
|
|
@ -72,6 +72,16 @@ int tidy_connection(struct connection *cnx, fd_set *fds, fd_set *fds2)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* if fd becomes higher than FD_SETSIZE, things won't work so well with FD_SET
|
||||||
|
* and FD_CLR. Need to drop connections if we go above that limit */
|
||||||
|
int fd_is_in_range(int fd) {
|
||||||
|
if (fd >= FD_SETSIZE) {
|
||||||
|
log_message(LOG_ERR, "too many open file descriptor to monitor them all -- dropping connection\n");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/* Accepts a connection from the main socket and assigns it to an empty slot.
|
/* Accepts a connection from the main socket and assigns it to an empty slot.
|
||||||
* If no slots are available, allocate another few. If that fails, drop the
|
* If no slots are available, allocate another few. If that fails, drop the
|
||||||
* connexion */
|
* connexion */
|
||||||
|
@ -83,6 +93,9 @@ int accept_new_connection(int listen_socket, struct connection *cnx[], int* cnx_
|
||||||
in_socket = accept(listen_socket, 0, 0);
|
in_socket = accept(listen_socket, 0, 0);
|
||||||
CHECK_RES_RETURN(in_socket, "accept");
|
CHECK_RES_RETURN(in_socket, "accept");
|
||||||
|
|
||||||
|
if (!fd_is_in_range(in_socket))
|
||||||
|
return -1;
|
||||||
|
|
||||||
res = set_nonblock(in_socket);
|
res = set_nonblock(in_socket);
|
||||||
if (res == -1) return -1;
|
if (res == -1) return -1;
|
||||||
|
|
||||||
|
@ -123,7 +136,7 @@ int connect_queue(struct connection *cnx, struct addrinfo *addr,
|
||||||
struct queue *q = &cnx->q[1];
|
struct queue *q = &cnx->q[1];
|
||||||
|
|
||||||
q->fd = connect_addr(addr, cnx->q[0].fd, cnx_name);
|
q->fd = connect_addr(addr, cnx->q[0].fd, cnx_name);
|
||||||
if (q->fd != -1) {
|
if ((q->fd != -1) && fd_is_in_range(q->fd)) {
|
||||||
log_connection(cnx);
|
log_connection(cnx);
|
||||||
set_nonblock(q->fd);
|
set_nonblock(q->fd);
|
||||||
flush_defered(q);
|
flush_defered(q);
|
||||||
|
|
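Review bot: In accept_new_connection the added `if (!fd_is_in_range(in_socket)) return -1;` returns without closing the descriptor that accept() just returned, so every connection rejected for being at or above FD_SETSIZE leaks one fd. Under sustained client load that pushes the process toward its open-file limit, after which accept() itself starts failing and the listener stops serving. I would close the socket on that path: `if (!fd_is_in_range(in_socket)) { close(in_socket); return -1; }`. In connect_queue the out-of-range case now falls through to a branch that lies outside the hunk; if that branch reaches tidy_connection with q->fd still set, FD_CLR would presumably still be applied to the too-large descriptor, so that path deserves a check too. Both function bodies continue outside the visible hunks.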