Skip to content

Commit 92666c7

Browse files
danielinuxdanielinux
committed
Reviewer's comment: Check fd boundary in connect/sendto
1 parent 84ac043 commit 92666c7

1 file changed

Lines changed: 16 additions & 2 deletions

File tree

src/wolfip.c

Lines changed: 16 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1546,11 +1546,14 @@ int wolfIP_sock_connect(struct wolfIP *s, int sockfd, const struct wolfIP_sockad
15461546
struct tsocket *ts;
15471547
const struct wolfIP_sockaddr_in *sin;
15481548
unsigned int if_idx;
1549-
if (!addr)
1549+
if ((!addr)|| (sockfd < 0))
15501550
return -WOLFIP_EINVAL;
15511551
sin = (const struct wolfIP_sockaddr_in *)addr;
15521552
if (sockfd & MARK_UDP_SOCKET) {
15531553
struct ipconf *conf;
1554+
if ((sockfd & MARK_UDP_SOCKET) >= MAX_UDPSOCKETS)
1555+
return -WOLFIP_EINVAL;
1556+
15541557
ts = &s->udpsockets[sockfd & ~MARK_UDP_SOCKET];
15551558
ts->dst_port = ee16(sin->sin_port);
15561559
ts->remote_ip = ee32(sin->sin_addr.s_addr);
@@ -1566,8 +1569,12 @@ int wolfIP_sock_connect(struct wolfIP *s, int sockfd, const struct wolfIP_sockad
15661569
}
15671570
return 0;
15681571
}
1572+
15691573
if ((sockfd & MARK_TCP_SOCKET) == 0)
1570-
return -1;
1574+
return -WOLFIP_EINVAL;
1575+
if ((sockfd & ~MARK_TCP_SOCKET)>= MAX_TCPSOCKETS)
1576+
return -WOLFIP_EINVAL;
1577+
15711578
ts = &s->tcpsockets[sockfd & ~MARK_TCP_SOCKET];
15721579
if (ts->sock.tcp.state == TCP_ESTABLISHED)
15731580
return 0;
@@ -1671,9 +1678,13 @@ int wolfIP_sock_sendto(struct wolfIP *s, int sockfd, const void *buf, size_t len
16711678
if (sockfd & MARK_TCP_SOCKET) {
16721679
size_t sent = 0;
16731680
struct tcp_opt_ts *tsopt = (struct tcp_opt_ts *)tcp->data;
1681+
if ((sockfd & MARK_TCP_SOCKET) >= MAX_TCPSOCKETS)
1682+
return -WOLFIP_EINVAL;
1683+
16741684
ts = &s->tcpsockets[sockfd & ~MARK_TCP_SOCKET];
16751685
if (ts->sock.tcp.state != TCP_ESTABLISHED)
16761686
return -1;
1687+
16771688
while (sent < len) {
16781689
uint32_t payload_len = len - sent;
16791690
if (payload_len > (TCP_MSS - TCP_OPTIONS_LEN))
@@ -1710,6 +1721,9 @@ int wolfIP_sock_sendto(struct wolfIP *s, int sockfd, const void *buf, size_t len
17101721
const struct wolfIP_sockaddr_in *sin = (const struct wolfIP_sockaddr_in *)dest_addr;
17111722
unsigned int if_idx;
17121723
struct ipconf *conf;
1724+
if ((sockfd & ~MARK_UDP_SOCKET) >= MAX_UDPSOCKETS)
1725+
return -WOLFIP_EINVAL;
1726+
17131727
ts = &s->udpsockets[sockfd & ~MARK_UDP_SOCKET];
17141728
if ((ts->dst_port == 0) && (dest_addr == NULL))
17151729
return -1;

0 commit comments

Comments
 (0)