[Patches] fix possible overflow in select()

Trent Mick trentm@activestate.com
Fri, 2 Jun 2000 17:37:54 -0700


Dicussion:

This patches fixes a possible overflow of the optional timeout parameter for
the select() function (selectmodule.c). This timeout is passed in as a double
and then truncated to an int. If the double is sufficiently large you can get
unexpected results as it overflows. This patch raises an overflow if the
given select timeout overflows.


Legal:

I confirm that, to the best of my knowledge and belief, this
contribution is free of any claims of third parties under
copyright, patent or other rights or interests ("claims").  To
the extent that I have any such claims, I hereby grant to CNRI a
nonexclusive, irrevocable, royalty-free, worldwide license to
reproduce, distribute, perform and/or display publicly, prepare
derivative versions, and otherwise use this contribution as part
of the Python software and its related documentation, or any
derivative versions thereof, at no cost to CNRI or its licensed
users, and to authorize others to do so.

I acknowledge that CNRI may, at its sole discretion, decide
whether or not to incorporate this contribution in the Python
software and its related documentation.  I further grant CNRI
permission to use my name and other identifying information
provided to CNRI by me for use in connection with the Python
software and its related documentation.



Patch (use 'pathc -p8'):

diff  -c /home/trentm/main/contrib/python/dist/src/Modules/selectmodule.c /home/trentm/main/Apps/Perlium/Python/dist/src/Modules/selectmodule.c
*** /home/trentm/main/contrib/python/dist/src/Modules/selectmodule.c	Thu Jun  1 00:13:39 2000
--- /home/trentm/main/Apps/Perlium/Python/dist/src/Modules/selectmodule.c	Fri Jun  2 15:53:43 2000
***************
*** 238,244 ****
  	fd_set ifdset, ofdset, efdset;
  	double timeout;
  	struct timeval tv, *tvp;
! 	int seconds;
  	int imax, omax, emax, max;
  	int n;
  
--- 238,244 ----
  	fd_set ifdset, ofdset, efdset;
  	double timeout;
  	struct timeval tv, *tvp;
! 	long seconds;
  	int imax, omax, emax, max;
  	int n;
  
***************
*** 255,264 ****
  		return NULL;
  	}
  	else {
! 		seconds = (int)timeout;
  		timeout = timeout - (double)seconds;
  		tv.tv_sec = seconds;
! 		tv.tv_usec = (int)(timeout*1000000.0);
  		tvp = &tv;
  	}
  
--- 255,268 ----
  		return NULL;
  	}
  	else {
! 		if (timeout > (double)LONG_MAX) {
! 			PyErr_SetString(PyExc_OverflowError, "timeout period too long");
! 			return NULL;
! 		}
! 		seconds = (long)timeout;
  		timeout = timeout - (double)seconds;
  		tv.tv_sec = seconds;
! 		tv.tv_usec = (long)(timeout*1000000.0);
  		tvp = &tv;
  	}
  


-- 
Trent Mick
trentm@activestate.com