[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Chicken-hackers] [PATCH] *portable* fix for select() buffer overrun

From: Peter Bex
Subject: [Chicken-hackers] [PATCH] *portable* fix for select() buffer overrun
Date: Sun, 18 Nov 2012 21:09:51 +0100
User-agent: Mutt/

Hello all,

Windows is a pain in the neck.  Here's a patch that uses poll() on
all systems except Windows.  This should work around the buffer overrun
vulnerability in select() described in
I hope we can finally check this one off our list; it's been almost
half a year!

I've tested Spiffy on NetBSD with Slowloris, and I couldn't get it to
crash when HAVE_POSIX_POLL was defined, whereas it would crash quickly
when it wasn't (but only in a DEBUGBUILD; for some reason a normal build
won't crash so easily).

"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth

Attachment: 0001-Fix-select-buffer-overrun-vulnerability-by-using-POS.patch
Description: Text document

reply via email to

[Prev in Thread] Current Thread [Next in Thread]