Date: Sat, 21 Jun 1997 19:38:28 +1000
From: Bruce Evans
Message-Id: <199706210938.TAA24130@godzilla.zeta.org.au>
To: jkh@time.cdrom.com, sthaug@nethelp.no
Subject: Re: gethostbyname() and fds >255
Cc: hackers@FreeBSD.ORG, marcs@znep.com

>The problem is in res_send(). In lib/libc/net/res_send.c line 577 in
>FreeBSD-current we have:
>
>                if (s+1 > FD_SETSIZE) {
>#ifdef DEBUG
>                        if (_res.options & RES_DEBUG)
>                                fprintf(stderr,
>                                        "res_send: too many files\n");
>#endif
>                        res_close();
>                        goto next_ns;
>                }
>
>and FD_SETSIZE is statically defined as 256 in /usr/include/sys/types.h.
>...

FD_SETSIZE is statically defined as 1024 in -current. This just moves
the problem.

>Since this code was added between 4.9.5-P1 and 4.9.6, my guess is that
>it's an attempt to stop some sort of denial of service attack - but it

It is to prevent writing beyond the end of sdmask in FD_SET(s, &sdmask).

>looks like it may not be the best way to fix it.

Library functions should not have arbitrary limits, so library code that
wants to use select(2) should avoid using the official interface with
statically defined fd_set's. This isn't easy, and it is only possible
now that the kernel doesn't really implement the official interface.

Bruce
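The approach the reply points at, sizing the select(2) bitmap from the descriptor instead of using a fixed fd_set, shown as an added example; it is not part of the original message and not FreeBSD's libc code. The names FDMASK_BYTES, wait_readable and demo are hypothetical, and it assumes a kernel that accepts nfds above FD_SETSIZE when handed a large enough buffer.

```c
#include <limits.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* Assumption: the kernel reads an fd_set as an array of long-sized words (BSDs,
 * Linux), so bits are set by hand; FD_SET() is only valid for a fixed fd_set. */
#define WORD_BITS (CHAR_BIT * sizeof(unsigned long))
/* Bytes needed for a descriptor bitmap that can hold bit number fd. */
#define FDMASK_BYTES(fd) (((size_t)(fd) / WORD_BITS + 1) * sizeof(unsigned long))

/* Returns 1 if fd is readable, 0 on timeout, -1 on error. The bitmap is sized
 * from fd itself, so no descriptor value can index past its end. */
int wait_readable(int fd, int timeout_ms)
{
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    unsigned long *mask;
    int n;

    if (fd < 0 || (mask = calloc(1, FDMASK_BYTES(fd))) == NULL)
        return -1;
    mask[(size_t)fd / WORD_BITS] |= 1UL << ((size_t)fd % WORD_BITS);
    n = select(fd + 1, (fd_set *)mask, NULL, NULL, &tv);
    free(mask);
    return n;
}

/* Constructed check: queue a byte in a pipe, move the read end to descriptor
 * `target` (-1 keeps it in place), wait on it. -2 means target unobtainable. */
int demo(int target)
{
    struct rlimit rl;
    int p[2], rfd, r = -2;

    if (pipe(p) != 0)
        return -1;
    if (target >= 0 && getrlimit(RLIMIT_NOFILE, &rl) == 0) {
        rl.rlim_cur = rl.rlim_max;      /* raise the soft limit if allowed */
        (void)setrlimit(RLIMIT_NOFILE, &rl);
    }
    rfd = target < 0 ? p[0] : dup2(p[0], target);
    if (rfd >= 0)
        r = write(p[1], "x", 1) == 1 ? wait_readable(rfd, 100) : -1;
    if (rfd >= 0 && rfd != p[0])
        close(rfd);
    close(p[0]);
    close(p[1]);
    return r;
}
```

With a static fd_set the same descriptor would need FDMASK_BYTES(fd) bytes but only sizeof(fd_set) are available, which is the overrun the `s+1 > FD_SETSIZE` check guards against.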