Bug #8681: unix-socket: select() off-by-one breaks multi-chunk V2 commands

Added by Jason Ish 8 days ago. Updated 1 day ago.

Status: Feedback
Priority: Normal
Assignee: -

Description

Reported by Sreejith Gopinath.

File: src/unix-manager.c:594
ret = select(client->fd, &select_set, NULL, NULL, &tv);
// ^^^^^^^^^ should be client->fd + 1
select()'s nfds argument must be the highest monitored file descriptor plus one. Passing client->fd means the fd is never in the watched set; every call times out immediately. Any V2-protocol command whose JSON payload arrives across multiple TCP segments (large payloads, slow path, or deliberately fragmented) silently fails and the connection is closed. This can be triggered deliberately to degrade the management channel.
CWE-193. Confirmed at runtime: unix-socket-v2-partial-read-01 fails on both 7.0.15 and 8.0.4 with a fragmented V2 command.
Suggested remediation: select(client->fd + 1, &select_set, NULL, NULL, &tv)
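
The nfds behaviour described in this report can be reproduced in isolation on a socketpair that already has data queued. This is an added example, not the project's code; the helper name `select_on_pending_chunk`, the 100 ms timeout and the payload fragment are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: queue one chunk on a UNIX socketpair, then call
 * select() on the receiving end with nfds = fd + nfds_offset.
 * Returns select()'s result (number of ready fds, 0 on timeout), or -1. */
int select_on_pending_chunk(int nfds_offset)
{
    static const char chunk[] = "{\"command\": ";  /* constructed first fragment */
    struct timeval tv = { .tv_sec = 0, .tv_usec = 100000 };  /* assumed 100 ms */
    fd_set select_set;
    int sv[2], ret = -1;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;

    if (write(sv[1], chunk, sizeof(chunk) - 1) == (ssize_t)(sizeof(chunk) - 1)) {
        FD_ZERO(&select_set);
        FD_SET(sv[0], &select_set);
        /* select() only examines descriptors 0 .. nfds-1 in each set. */
        ret = select(sv[0] + nfds_offset, &select_set, NULL, NULL, &tv);
    }
    close(sv[0]);
    close(sv[1]);
    return ret;
}

int main(void)
{
    /* nfds = fd: the socket is outside the examined range, so the queued
     * data is not reported and the call returns 0 once tv expires. */
    printf("nfds = fd     -> %d\n", select_on_pending_chunk(0));
    /* nfds = fd + 1: the socket is examined and reported readable. */
    printf("nfds = fd + 1 -> %d\n", select_on_pending_chunk(1));
    return 0;
}
```

A regression test for the fix can assert the same thing: with data pending on the socket, the wait must report the descriptor as readable rather than returning 0.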
