[Bug 59897] Buffer Overflow in FD_SET in nb_connect (jk_connect.c) leading to apache2 crash

[bu...@apache.org]

https://bz.apache.org/bugzilla/show_bug.cgi?id=59897

Koen Wilde <kw...@bol.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kwilde@bol.com

--- Comment #2 from Koen Wilde <kw...@bol.com> ---
Created attachment 34417
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34417&action=edit
[PATCH] Use poll(2) in posix nb_connect

This issue is caused by limitations of the select(2) system call. From the
(linux) manpage:

> POSIX allows an implementation to define an upper limit, advertised via the
> constant FD_SETSIZE, on the range of file descriptors that can be specified
> in a file descriptor set.  The Linux kernel imposes no fixed limit, but the
> glibc implementation makes fd_set a fixed-size type, with FD_SETSIZE defined
> as 1024, and the FD_*() macros operating according to that limit.  To
> monitor file descriptors greater than 1023, use poll(2) instead.

As Michiel already noted, poll(2) is already imported in jk_connect.c, so using
poll(2) doesn't add any new dependencies.

I've attached a patch that uses poll(2) if it is available at compile time;
otherwise it falls back to the current select(2) implementation.

On the long run, it would probably be preferable to use some kind of event
library like libuv or libevent that abstracts over the kernel interface, and
automatically uses the optimal one available (e.g. epoll on linux and kqueue on
FreeBSD). This would both improve portability and performance, and possibly
code simplicity.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org