Skip to content

Commit b17c592

Browse files
bk138bk138
committed
libvncclient: don't give invalid fds to FD_* macros
re #655
1 parent e7ee07d commit b17c592

3 files changed

Lines changed: 20 additions & 4 deletions

File tree

src/libvncclient/listen.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -102,9 +102,9 @@ listenForIncomingConnections(rfbClient* client)
102102
r = select(rfbMax(listenSocket, listen6Socket)+1, &fds, NULL, NULL, NULL);
103103

104104
if (r > 0) {
105-
if (FD_ISSET(listenSocket, &fds))
105+
if (listenSocket != RFB_INVALID_SOCKET && FD_ISSET(listenSocket, &fds))
106106
client->sock = AcceptTcpConnection(client->listenSock);
107-
else if (FD_ISSET(listen6Socket, &fds))
107+
else if (listen6Socket != RFB_INVALID_SOCKET && FD_ISSET(listen6Socket, &fds))
108108
client->sock = AcceptTcpConnection(client->listen6Sock);
109109

110110
if (client->sock == RFB_INVALID_SOCKET)
@@ -201,9 +201,9 @@ listenForIncomingConnectionsNoFork(rfbClient* client, int timeout)
201201

202202
if (r > 0)
203203
{
204-
if (FD_ISSET(client->listenSock, &fds))
204+
if (client->listenSock != RFB_INVALID_SOCKET && FD_ISSET(client->listenSock, &fds))
205205
client->sock = AcceptTcpConnection(client->listenSock);
206-
else if (FD_ISSET(client->listen6Sock, &fds))
206+
else if (client->listen6Sock != RFB_INVALID_SOCKET && FD_ISSET(client->listen6Sock, &fds))
207207
client->sock = AcceptTcpConnection(client->listen6Sock);
208208

209209
if (client->sock == RFB_INVALID_SOCKET)

src/libvncclient/sockets.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -296,6 +296,12 @@ WriteToRFBServer(rfbClient* client, const char *buf, unsigned int n)
296296
errno == ENOENT ||
297297
#endif
298298
errno == EAGAIN) {
299+
if(client->sock == RFB_INVALID_SOCKET) {
300+
errno = EBADF;
301+
rfbClientErr("socket invalid\n");
302+
return FALSE;
303+
}
304+
299305
FD_ZERO(&fds);
300306
FD_SET(client->sock,&fds);
301307

@@ -858,6 +864,11 @@ int WaitForMessage(rfbClient* client,unsigned int usecs)
858864
timeout.tv_sec=(usecs/1000000);
859865
timeout.tv_usec=(usecs%1000000);
860866

867+
if(client->sock == RFB_INVALID_SOCKET) {
868+
errno = EBADF;
869+
return -1;
870+
}
871+
861872
FD_ZERO(&fds);
862873
FD_SET(client->sock,&fds);
863874

src/libvncclient/tls_openssl.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -167,6 +167,11 @@ static int sock_read_ready(SSL *ssl, uint32_t ms)
167167

168168
FD_ZERO(&fds);
169169

170+
if(SSL_get_fd(ssl) == RFB_INVALID_SOCKET) {
171+
errno = EBADF;
172+
return -1;
173+
}
174+
170175
FD_SET(SSL_get_fd(ssl), &fds);
171176

172177
tv.tv_sec = ms / 1000;

0 commit comments

Comments
 (0)