From 650115f1b4ed2fd4aa7d65ce7578bc919e0601f4 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 30 Jun 2020 17:53:20 +0200
Subject: [PATCH 1/1] swrap: always check new fd's against socket_fds_max and
 use libc_close() for cleanup

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---
 src/socket_wrapper.c | 53 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 7 deletions(-)

diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index 1a76c19..3ac802a 100644
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -1854,6 +1854,7 @@ static int swrap_create_socket(struct socket_info *si, int fd)
 			  "trying to add %d",
 			  socket_fds_max,
 			  fd);
+		errno = EMFILE;
 		return -1;
 	}
 
@@ -2964,7 +2965,7 @@ static int swrap_pcap_get_fd(const char *fname)
 		file_hdr.link_type	= 0x0065; /* 101 RAW IP */
 
 		if (write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
-			close(fd);
+			libc_close(fd);
 			fd = -1;
 		}
 		return fd;
@@ -3469,6 +3470,9 @@ static int swrap_socket(int family, int type, int protocol)
 
 	ret = swrap_create_socket(si, fd);
 	if (ret == -1) {
+		int saved_errno = errno;
+		libc_close(fd);
+		errno = saved_errno;
 		return -1;
 	}
 
@@ -3639,7 +3643,7 @@ static int swrap_accept(int s,
 				       &in_addr.sa_socklen);
 	if (ret == -1) {
 		SWRAP_UNLOCK_SI(parent_si);
-		close(fd);
+		libc_close(fd);
 		return ret;
 	}
 
@@ -3671,7 +3675,7 @@ static int swrap_accept(int s,
 			       &un_my_addr.sa.s,
 			       &un_my_addr.sa_socklen);
 	if (ret == -1) {
-		close(fd);
+		libc_close(fd);
 		return ret;
 	}
 
@@ -3682,7 +3686,7 @@ static int swrap_accept(int s,
 				       &in_my_addr.sa.s,
 				       &in_my_addr.sa_socklen);
 	if (ret == -1) {
-		close(fd);
+		libc_close(fd);
 		return ret;
 	}
 
@@ -3697,7 +3701,9 @@ static int swrap_accept(int s,
 
 	idx = swrap_create_socket(&new_si, fd);
 	if (idx == -1) {
-		close (fd);
+		int saved_errno = errno;
+		libc_close(fd);
+		errno = saved_errno;
 		return -1;
 	}
 
@@ -6605,6 +6611,17 @@ static int swrap_dup(int fd)
 		return -1;
 	}
 
+	if ((size_t)dup_fd >= socket_fds_max) {
+		SWRAP_LOG(SWRAP_LOG_ERROR,
+			  "The max socket index limit of %zu has been reached, "
+			  "trying to add %d",
+			  socket_fds_max,
+			  dup_fd);
+		libc_close(dup_fd);
+		errno = EMFILE;
+		return -1;
+	}
+
 	SWRAP_LOCK_SI(si);
 
 	swrap_inc_refcount(si);
@@ -6650,6 +6667,16 @@ static int swrap_dup2(int fd, int newfd)
 		return newfd;
 	}
 
+	if ((size_t)newfd >= socket_fds_max) {
+		SWRAP_LOG(SWRAP_LOG_ERROR,
+			  "The max socket index limit of %zu has been reached, "
+			  "trying to add %d",
+			  socket_fds_max,
+			  newfd);
+		errno = EMFILE;
+		return -1;
+	}
+
 	if (find_socket_info(newfd)) {
 		/* dup2() does an implicit close of newfd, which we
 		 * need to emulate */
@@ -6707,14 +6734,26 @@ static int swrap_vfcntl(int fd, int cmd, va_list va)
 			return -1;
 		}
 
+		/* Make sure we don't have an entry for the fd */
+		swrap_remove_stale(dup_fd);
+
+		if ((size_t)dup_fd >= socket_fds_max) {
+			SWRAP_LOG(SWRAP_LOG_ERROR,
+			  "The max socket index limit of %zu has been reached, "
+			  "trying to add %d",
+			  socket_fds_max,
+			  dup_fd);
+			libc_close(dup_fd);
+			errno = EMFILE;
+			return -1;
+		}
+
 		SWRAP_LOCK_SI(si);
 
 		swrap_inc_refcount(si);
 
 		SWRAP_UNLOCK_SI(si);
 
-		/* Make sure we don't have an entry for the fd */
-		swrap_remove_stale(dup_fd);
 
 		set_socket_info_index(dup_fd, idx);
 
-- 
2.34.1