Interesting new class of bugs I need to write about and report: select requires pointers to objects of type fd_set, but some programs including OpenSSH pass it a pointer to malloc'd memory sized only for nfds, not sizeof(fd_set).
This was discovered by midipix (@mpixorg) via heap-based overflow in ssh client with a select implementation that writes the whole fd_set, which seems to be conforming behavior.
Replying to @RichFelker @mpixorg
That's a broken select implementation. Might be a broken spec too.
It doesn't match the Linux syscall ABI that leaves flexibility for the userspace implementation to choose what FD_SETSIZE is, and thus it was promptly changed, but it's a perfectly valid implementation of the select function, which is a fundamentally broken API.
Replying to @RichFelker @mpixorg
The reaction to "doing what the spec allows will break thousands of programs" isn't to change thousands of programs. Fix the spec.
It's really pointless because the only spec change made to select should be marking it obsolescent. It has way too many show-stopping problems, all solved by using poll instead.
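Added example, not code from the thread, from OpenSSH or from musl: it quantifies the size mismatch the thread describes (a caller allocating howmany(nfds, NFDBITS) mask words for an fd_set while a conforming select may write all sizeof(fd_set) bytes back) and shows the poll-based replacement Rich recommends. It assumes `long` as the fd_set word type, as glibc does; other libcs differ. All function names (`nfds_sized_alloc`, `overflow_bytes`, `safe_fdset_alloc`, `first_readable_poll`, `demo_pipe_readable`) are invented for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/select.h>
#include <unistd.h>

/* Word type assumed for the fd_set bitmap; matches glibc's __fd_mask (long).
 * Other libcs use other widths, so treat this as an assumption. */
typedef long fdword_t;
#define FDWORD_BITS (CHAR_BIT * sizeof(fdword_t))

/* Bytes an OpenSSH-style caller allocates to cover descriptors [0, nfds):
 * howmany(nfds, NFDBITS) mask words, not sizeof(fd_set). */
size_t nfds_sized_alloc(int nfds)
{
    return ((size_t)nfds + FDWORD_BITS - 1) / FDWORD_BITS * sizeof(fdword_t);
}

/* Bytes a select() implementation may legitimately write back: the whole object. */
size_t full_fdset_bytes(void)
{
    return sizeof(fd_set);
}

/* Bytes such a select() would write past the end of an nfds-sized heap buffer.
 * Zero means the caller's buffer happens to be large enough. */
size_t overflow_bytes(int nfds)
{
    size_t have = nfds_sized_alloc(nfds);
    size_t need = full_fdset_bytes();
    return have >= need ? 0 : need - have;
}

/* Mitigation if you must keep select(): never allocate less than sizeof(fd_set).
 * Caveat: passing nfds > FD_SETSIZE is still outside what select() defines. */
size_t safe_fdset_alloc(int nfds)
{
    size_t have = nfds_sized_alloc(nfds);
    return have > sizeof(fd_set) ? have : sizeof(fd_set);
}

/* The fix the thread actually recommends: poll() takes an array sized
 * exactly for the descriptors you pass and has no FD_SETSIZE limit.
 * Returns the first readable descriptor, or -1 on timeout/error. */
int first_readable_poll(const int *fds, size_t n, int timeout_ms)
{
    struct pollfd *p = calloc(n, sizeof *p);
    if (p == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        p[i].fd = fds[i];
        p[i].events = POLLIN;
    }
    int found = -1;
    if (poll(p, n, timeout_ms) > 0) {
        for (size_t i = 0; i < n; i++) {
            if (p[i].revents & (POLLIN | POLLHUP)) {
                found = fds[i];
                break;
            }
        }
    }
    free(p);
    return found;
}

/* Self-check: a pipe with one byte pending must show up as readable. Returns 1 on success. */
int demo_pipe_readable(void)
{
    int pfd[2];
    if (pipe(pfd) != 0)
        return 0;
    int ok = 0;
    if (write(pfd[1], "x", 1) == 1)
        ok = first_readable_poll(&pfd[0], 1, 1000) == pfd[0];
    close(pfd[0]);
    close(pfd[1]);
    return ok;
}

int main(void)
{
    int sizes[] = { 8, 64, 200, FD_SETSIZE };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("nfds=%4d: caller allocates %3zu bytes, select may write %3zu, overflow %3zu\n",
               sizes[i], nfds_sized_alloc(sizes[i]), full_fdset_bytes(), overflow_bytes(sizes[i]));
    printf("poll() sees pipe readable: %s\n", demo_pipe_readable() ? "yes" : "no");
    return 0;
}
```

With glibc's FD_SETSIZE of 1024, a caller tracking eight descriptors allocates one mask word and a select that stores the full fd_set writes sizeof(fd_set) minus that word past the buffer; only nfds equal to FD_SETSIZE makes the two sizes agree. The poll path needs no such reasoning because its buffer size is derived from the descriptor count alone.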