Merge pull request #4687 from gilles-peskine-arm/winsock-fd-range-3.0

Fix net_sockets regression on Windows
2025-11-04 04:32:24 -05:00 · 2021-06-22 09:29:23 +02:00 · 2021-06-22 09:29:23 +02:00 · ffafae4f51
commit ffafae4f51
parent a805d57261 a5dd7bded8
2 changed files with 41 additions and 22 deletions
--- a/ChangeLog.d/winsock.txt
+++ b/ChangeLog.d/winsock.txt
@ -0,0 +1,4 @@
+Bugfix
+   * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
+     MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
+
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@ -135,6 +135,31 @@ static int net_prepare( void )
    return( 0 );
 }

+/*
+ * Return 0 if the file descriptor is valid, an error otherwise.
+ * If for_select != 0, check whether the file descriptor is within the range
+ * allowed for fd_set used for the FD_xxx macros and the select() function.
+ */
+static int check_fd( int fd, int for_select )
+{
+    if( fd < 0 )
+        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+    !defined(EFI32)
+    (void) for_select;
+#else
+    /* A limitation of select() is that it only works with file descriptors
+     * that are strictly less than FD_SETSIZE. This is a limitation of the
+     * fd_set type. Error out early, because attempting to call FD_SET on a
+     * large file descriptor is a buffer overflow on typical platforms. */
+    if( for_select && fd >= FD_SETSIZE )
+        return( MBEDTLS_ERR_NET_POLL_FAILED );
+#endif
+
+    return( 0 );
+}
+
 /*
 * Initialize a context
 */
@ -466,15 +491,9 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )

    int fd = ctx->fd;

-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    /* A limitation of select() is that it only works with file descriptors
-     * that are strictly less than FD_SETSIZE. This is a limitation of the
-     * fd_set type. Error out early, because attempting to call FD_SET on a
-     * large file descriptor is a buffer overflow on typical platforms. */
-    if( fd >= FD_SETSIZE )
-        return( MBEDTLS_ERR_NET_POLL_FAILED );
+    ret = check_fd( fd, 1 );
+    if( ret != 0 )
+        return( ret );

 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
@ -553,8 +572,9 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    int fd = ((mbedtls_net_context *) ctx)->fd;

-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+    ret = check_fd( fd, 0 );
+    if( ret != 0 )
+        return( ret );

    ret = (int) read( fd, buf, len );

@ -592,15 +612,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
    fd_set read_fds;
    int fd = ((mbedtls_net_context *) ctx)->fd;

-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-    /* A limitation of select() is that it only works with file descriptors
-     * that are strictly less than FD_SETSIZE. This is a limitation of the
-     * fd_set type. Error out early, because attempting to call FD_SET on a
-     * large file descriptor is a buffer overflow on typical platforms. */
-    if( fd >= FD_SETSIZE )
-        return( MBEDTLS_ERR_NET_POLL_FAILED );
+    ret = check_fd( fd, 1 );
+    if( ret != 0 )
+        return( ret );

    FD_ZERO( &read_fds );
    FD_SET( fd, &read_fds );
@ -640,8 +654,9 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    int fd = ((mbedtls_net_context *) ctx)->fd;

-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+    ret = check_fd( fd, 0 );
+    if( ret != 0 )
+        return( ret );

    ret = (int) write( fd, buf, len );