From: Pauli <paul.dale@oracle.com>
Date: Sat, 24 Aug 2019 06:13:24 +0000 (+1000)
Subject: Avoid overflowing FDSET when using select(2).
X-Git-Tag: OpenSSL_1_1_1d~44
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=4bdab2571782393e4ba3acb8578c415ce1575a75;p=oweals%2Fopenssl.git

Avoid overflowing FDSET when using select(2).

There is a problem in the rand_unix.c code when the random seed fd is greater
than or equal to FD_SETSIZE and the FDSET overruns its limit and walks the
stack.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9686)

(cherry picked from commit e1f8584d47a499301fba781086af6885fcf21fec)
---

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 0d449d235a..258fef7eb0 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -411,7 +411,7 @@ static int wait_random_seeded(void)
             }
             /* Open /dev/random and wait for it to be readable */
             if ((fd = open(DEVRANDOM_WAIT, O_RDONLY)) != -1) {
-                if (DEVRANDM_WAIT_USE_SELECT) {
+                if (DEVRANDM_WAIT_USE_SELECT && fd < FD_SETSIZE) {
                     FD_ZERO(&fds);
                     FD_SET(fd, &fds);
                     while ((r = select(fd + 1, &fds, NULL, NULL, NULL)) < 0