From: Kirill Isakov Date: Mon, 30 May 2022 17:06:39 +0000 (+0600) Subject: Fix listen_sockets overflow in close_network_connections() X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=5d68458beed944d29d6da1bf82b311a5f3599119;p=tinc Fix listen_sockets overflow in close_network_connections() ==32610==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000f4f6a8 at pc 0x000000533bd6 bp 0x7ffeafc6f390 sp 0x7ffeafc6f388 READ of size 8 at 0x000000f4f6a8 thread T0 #0 0x533bd5 in io_del /home/runner/work/tinc/tinc/openssl3/../src/linux/event.c:104:9 #1 0x4f4808 in close_network_connections /home/runner/work/tinc/tinc/openssl3/../src/net_setup.c:1283:3 #2 0x4cea70 in main /home/runner/work/tinc/tinc/openssl3/../src/tincd.c:717:2 #3 0x7f493a1d3d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) #4 0x7f493a1d3e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) #5 0x421ac4 in _start (/home/runner/work/tinc/tinc/openssl3/src/tincd+0x421ac4) 0x000000f4f6a8 is located 8 bytes to the right of global variable 'listen_socket' defined in '../src/net_socket.c:48:17' (0xf4f0e0) of size 1472 SUMMARY: AddressSanitizer: global-buffer-overflow /home/runner/work/tinc/tinc/openssl3/../src/linux/event.c:104:9 in io_del --- diff --git a/src/net_setup.c b/src/net_setup.c index 2cd5818b..b88f5262 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -674,6 +674,7 @@ static bool add_listen_address(char *address, bool bindto) { } if(listen_sockets >= MAXSOCKETS) { + listen_sockets = MAXSOCKETS; logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets"); freeaddrinfo(ai); return false; @@ -1095,6 +1096,7 @@ static bool setup_myself(void) { #endif if(listen_sockets > MAXSOCKETS) { + listen_sockets = MAXSOCKETS; logger(DEBUG_ALWAYS, LOG_ERR, "Too many listening sockets"); return false; }