Here's a sample program. Try running it and open about 2k connections to
port 5222 (you'll need ulimit -n 10000 or something like that). It
will segfault. Simple asm like this
    "pushl %eax \n\t"            /* save eax, we scribble on it below        */
    "movl 0(%ebp), %eax \n\t"    /* load the saved frame pointer at [ebp]     */
    "cmp $65535, %eax \n\t"      /* a real stack address is far above 64k     */
    "ja isok \n\t"               /* looks sane: skip the deliberate crash     */
    "xor %eax, %eax \n\t"
    "movl %eax, 0(%eax) \n\t"    /* [ebp] is bogus: write to address 0 and die */
    "isok: \n\t"                 /* label was missing in the original; needed for ja */
    "popl %eax \n\t"
after each subroutine call will show you that after select() [ebp] has a
weird value. While this is unlikely to be a security flaw, I think this
is a bug.
PS: it's okay for 1k connections or so.
PPS: kernel 2.4.17 on i686, gcc 3.0.3, glibc 2.2.3.
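Added example, not the poster's sample program (which is not on this page). The message does not name the cause of the corrupted [ebp]; the assumption behind this example is the classic one: an fd_set is a fixed FD_SETSIZE-bit array (1024 bits, 128 bytes, on glibc) and FD_SET() does no bounds check, so a descriptor numbered 1024 or higher writes past the set into whatever follows it on the stack, which fits "okay for 1k, crashes around 2k". The code below shows where the stray write lands for a given descriptor number, reproduces it on a buffer with a canary instead of the real stack, and shows the two fixes: a bounds-checked FD_SET wrapper and poll(), which has no descriptor-number ceiling. The names fd_set_overflow_offset, simulate_unchecked_fd_set, fd_set_checked, wait_readable, checked_set_result and demo_pipe_readable are all mine.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

/* An fd_set is a fixed array of FD_SETSIZE bits and the classic FD_SET macro
 * does not bounds-check: the bit for fd lands at byte fd/8 wherever that is.
 * Returns how many bytes past the end of the set that byte sits (0 = the
 * first byte after the set), or -1 if the bit is inside the set. */
long fd_set_overflow_offset(int fd) {
    long byte = fd / 8;
    if (fd < 0 || byte < (long)sizeof(fd_set)) return -1;
    return byte - (long)sizeof(fd_set);
}

/* Reproduce the macro's write on a byte buffer that carries a zeroed canary
 * region after the set, instead of on the real stack where the saved ebp
 * lives.  Returns the offset of the first canary byte the write touched,
 * -1 if the canary is intact, -2 if fd is outside this demo buffer.
 * Constructed demonstration (assumption): bit placement matches glibc's
 * long-array layout on little-endian machines. */
#define CANARY_LEN 128
long simulate_unchecked_fd_set(int fd) {
    unsigned char buf[sizeof(fd_set) + CANARY_LEN];
    memset(buf, 0, sizeof buf);
    if (fd < 0 || fd / 8 >= (int)sizeof buf) return -2;
    buf[fd / 8] |= (unsigned char)(1u << (fd % 8));   /* what FD_SET does */
    for (size_t i = sizeof(fd_set); i < sizeof buf; i++)
        if (buf[i]) return (long)(i - sizeof(fd_set));
    return -1;
}

/* Hardened form: refuse any descriptor the set cannot represent instead of
 * letting the macro scribble past it.  0 on success, -1 with errno=EINVAL. */
int fd_set_checked(int fd, fd_set *set) {
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EINVAL; return -1; }
    FD_SET(fd, set);
    return 0;
}

/* Exercise fd_set_checked on a fresh set: 1 = bit set and visible to
 * FD_ISSET, 0 = refused with EINVAL, -1 = anything else. */
int checked_set_result(int fd) {
    fd_set s;
    FD_ZERO(&s);
    errno = 0;
    if (fd_set_checked(fd, &s) == 0) return FD_ISSET(fd, &s) ? 1 : -1;
    return errno == EINVAL ? 0 : -1;
}

/* The fix for a server holding 2k connections: poll() keeps one struct per
 * descriptor, so descriptor numbers have no ceiling.  Returns the number of
 * readable fds, or -1 on error. */
int wait_readable(const int *fds, int n, int timeout_ms) {
    struct pollfd *pfds = calloc((size_t)n, sizeof *pfds);
    if (!pfds) return -1;
    for (int i = 0; i < n; i++) { pfds[i].fd = fds[i]; pfds[i].events = POLLIN; }
    int ready = poll(pfds, (nfds_t)n, timeout_ms);
    free(pfds);
    return ready;
}

/* Self-contained check of wait_readable(): one pipe with a byte pending. */
int demo_pipe_readable(void) {
    int p[2];
    if (pipe(p) != 0) return -1;
    if (write(p[1], "x", 1) != 1) { close(p[0]); close(p[1]); return -1; }
    int ready = wait_readable(&p[0], 1, 0);
    close(p[0]);
    close(p[1]);
    return ready;
}

int main(void) {
    printf("FD_SETSIZE = %d, sizeof(fd_set) = %zu bytes\n",
           FD_SETSIZE, sizeof(fd_set));
    int probes[] = { 1023, 1024, 1500, 2000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("fd %4d: FD_SET lands %ld bytes past the set, canary hit at %ld\n",
               probes[i], fd_set_overflow_offset(probes[i]),
               simulate_unchecked_fd_set(probes[i]));
    int rc = checked_set_result(2000);
    printf("fd_set_checked(2000): %s\n", rc == 0 ? "refused (EINVAL)" : "accepted?!");
    printf("poll() on a pending pipe -> %d ready\n", demo_pipe_readable());
    return 0;
}
```

With glibc's 1024-bit fd_set, descriptor 2000 lands 122 bytes past the set, which on an i386 stack frame is easily far enough to reach the saved ebp; descriptor 1023 stays inside it, matching the "1k is fine" observation. Newer glibc builds with _FORTIFY_SOURCE abort on an out-of-range FD_SET rather than overflowing, which is why the demo does the write itself on a private buffer.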
This archive was generated by hypermail 2b29 : Thu Feb 28 2002 - 21:00:38 EST