Date:      Fri, 1 May 2026 21:08:54 +0000
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Mark Johnston <markj@freebsd.org>
Cc:        Oliver Pinter <oliver.pntr@gmail.com>,  "src-committers@freebsd.org" <src-committers@freebsd.org>,  "dev-commits-src-all@freebsd.org" <dev-commits-src-all@freebsd.org>,  "dev-commits-src-main@freebsd.org" <dev-commits-src-main@freebsd.org>, Mariusz Zaborski <oshogbo@freebsd.org>
Subject:   Re: git: f5ea3dce2cbe - main - libnv: switch fd_wait() from select(2) to poll(2)
Message-ID:  <e5mrhx6lxr2ccafz3ofa7tranfvivdfdsrwalf2ewhlwsp5mb4@4tzardue4ray>
In-Reply-To: <afUJBGczsjXZ8yxD@nuc>
References:  <69f219fc.3d583.73783562@gitrepo.freebsd.org> <CAPjTQNGzzY4sgCdKy0wrO2ipyYA1yefLhbbDE0RV2qFDCy06Hg@mail.gmail.com> <afUJBGczsjXZ8yxD@nuc>

On Fri, May 01, 2026 at 04:11:48PM -0400, Mark Johnston wrote:
> On Fri, May 01, 2026 at 09:11:17AM +0100, Oliver Pinter wrote:
> > On Wednesday, April 29, 2026, Mark Johnston <markj@freebsd.org> wrote:
> > 
> > > The branch main has been updated by markj:
> > >
> > > URL: https://cgit.FreeBSD.org/src/commit/?id=f5ea3dce2cbe1ee2068c5e5c11bb066f5789685b
> > >
> > > commit f5ea3dce2cbe1ee2068c5e5c11bb066f5789685b
> > > Author:     Mariusz Zaborski <oshogbo@FreeBSD.org>
> > > AuthorDate: 2026-04-28 14:35:10 +0000
> > > Commit:     Mark Johnston <markj@FreeBSD.org>
> > > CommitDate: 2026-04-29 14:39:28 +0000
> > >
> > >     libnv: switch fd_wait() from select(2) to poll(2)
> > >
> > >     The previous implementation used FD_SET() on a stack-allocated fd_set,
> > >     which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
> > >     (1024).
> > 
> > 
> > This problem seems like a more generic problem, after looking into
> > sys/select.h.
> > 
> > What about adding a check to FD_SET for whether the variable is on the stack
> > or not, and enforcing the FD_SETSIZE limit in almost the same way as is
> > already done with fortify source?
> 
> FORTIFY_SOURCE would automatically detect the addition of out-of-bounds
> fds, so as a mitigation I would like to propose enabling it by default.

As a small data point, HardenedBSD has set _FORTIFY_SOURCE=2 for both
src and ports (integrated back when Kyle Evans committed the original
work).

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
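
The bug class named in the commit message quoted above, as an added example that is not part of this thread and is not libnv's code: a select(2) wait with the FD_SETSIZE bounds check beside a poll(2) wait that has no descriptor-number limit. The function names `wait_select_checked`, `wait_poll` and `demo_high_fd` are hypothetical, and the high-descriptor scenario is constructed.

```c
#include <errno.h>
#include <poll.h>
#include <stdbool.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select(2) form plus the bounds check whose absence was the bug: FD_SET()
 * with fd >= FD_SETSIZE writes past the end of the on-stack fd_set. */
int wait_select_checked(int fd, bool for_read) {
    fd_set fds;
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EBADF;          /* refuse instead of corrupting the stack */
        return -1;
    }
    FD_ZERO(&fds);
    FD_SET(fd, &fds);
    return select(fd + 1, for_read ? &fds : NULL, for_read ? NULL : &fds, NULL, NULL);
}

/* poll(2) form: the descriptor is a struct field, not a bit index, so its
 * numeric value cannot drive an out-of-bounds access. */
int wait_poll(int fd, bool for_read) {
    struct pollfd pfd = { .fd = fd, .events = for_read ? POLLIN : POLLOUT };
    int n;
    do {
        n = poll(&pfd, 1, -1);
    } while (n == -1 && errno == EINTR);
    return n;
}

/* Constructed scenario: move a pipe's write end to descriptor `target`
 * (>= FD_SETSIZE) and wait on it with both forms; -1 if limits forbid it. */
int demo_high_fd(int target, int *sel, int *pol) {
    struct rlimit rl;
    int p[2], hi;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur <= (rlim_t)target) {
        rl.rlim_cur = rl.rlim_max;   /* raise the soft limit if permitted */
        (void)setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (pipe(p) != 0) return -1;
    if ((hi = dup2(p[1], target)) != -1) {
        *sel = wait_select_checked(hi, false);
        *pol = wait_poll(hi, false);
        close(hi);
    }
    close(p[0]);
    close(p[1]);
    return hi == -1 ? -1 : 0;
}
```

With a descriptor at or above FD_SETSIZE the checked select form fails with EBADF while the poll form reports the pipe as writable.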
