libvncclient: don't give invalid fds to FD_* macros

re #655
LibVNC · Mar 5, 2025 · b17c592 · b17c592
1 parent e7ee07d
commit b17c592
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 4 deletions.
diff --git a/src/libvncclient/listen.c b/src/libvncclient/listen.c
@@ -102,9 +102,9 @@ listenForIncomingConnections(rfbClient* client)
     r = select(rfbMax(listenSocket, listen6Socket)+1, &fds, NULL, NULL, NULL);
 
     if (r > 0) {
-      if (FD_ISSET(listenSocket, &fds))
+      if (listenSocket != RFB_INVALID_SOCKET && FD_ISSET(listenSocket, &fds))
 	client->sock = AcceptTcpConnection(client->listenSock); 
-      else if (FD_ISSET(listen6Socket, &fds))
+      else if (listen6Socket != RFB_INVALID_SOCKET && FD_ISSET(listen6Socket, &fds))
 	client->sock = AcceptTcpConnection(client->listen6Sock);
 
       if (client->sock == RFB_INVALID_SOCKET)
@@ -201,9 +201,9 @@ listenForIncomingConnectionsNoFork(rfbClient* client, int timeout)
 
   if (r > 0)
     {
-      if (FD_ISSET(client->listenSock, &fds))
+      if (client->listenSock != RFB_INVALID_SOCKET && FD_ISSET(client->listenSock, &fds))
 	client->sock = AcceptTcpConnection(client->listenSock); 
-      else if (FD_ISSET(client->listen6Sock, &fds))
+      else if (client->listen6Sock != RFB_INVALID_SOCKET && FD_ISSET(client->listen6Sock, &fds))
 	client->sock = AcceptTcpConnection(client->listen6Sock);
 
       if (client->sock == RFB_INVALID_SOCKET)

diff --git a/src/libvncclient/sockets.c b/src/libvncclient/sockets.c
@@ -296,6 +296,12 @@ WriteToRFBServer(rfbClient* client, const char *buf, unsigned int n)
 		errno == ENOENT ||
 #endif
 		errno == EAGAIN) {
+          if(client->sock == RFB_INVALID_SOCKET) {
+              errno = EBADF;
+              rfbClientErr("socket invalid\n");
+              return FALSE;
+          }
+
 	  FD_ZERO(&fds);
 	  FD_SET(client->sock,&fds);
 
@@ -858,6 +864,11 @@ int WaitForMessage(rfbClient* client,unsigned int usecs)
   timeout.tv_sec=(usecs/1000000);
   timeout.tv_usec=(usecs%1000000);
 
+  if(client->sock == RFB_INVALID_SOCKET) {
+      errno = EBADF;
+      return -1;
+  }
+
   FD_ZERO(&fds);
   FD_SET(client->sock,&fds);
 

diff --git a/src/libvncclient/tls_openssl.c b/src/libvncclient/tls_openssl.c
@@ -167,6 +167,11 @@ static int sock_read_ready(SSL *ssl, uint32_t ms)
 
 	FD_ZERO(&fds);
 
+        if(SSL_get_fd(ssl) == RFB_INVALID_SOCKET) {
+            errno = EBADF;
+            return -1;
+        }
+
 	FD_SET(SSL_get_fd(ssl), &fds);
 
 	tv.tv_sec = ms / 1000;