From 8a783f5440817b8db8d27b6a3fb14c301ffa9ad7 Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Sun, 13 Dec 2015 23:38:30 +0100
Subject: svc.c: svc_getreqset() buffer overflow

http://bugs.busybox.net/show_bug.cgi?id=5588

Signed-off-by: Leonid Lisovskiy <lly.dev@gmail.com>
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
---
 libc/inet/rpc/svc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libc/inet/rpc/svc.c b/libc/inet/rpc/svc.c
index 6d7253a43..c3d55185b 100644
--- a/libc/inet/rpc/svc.c
+++ b/libc/inet/rpc/svc.c
@@ -448,6 +448,8 @@ svc_getreqset (fd_set *readfds)
   register int bit;
 
   setsize = _rpc_dtablesize ();
+  if (setsize > FD_SETSIZE)
+    setsize = FD_SETSIZE;
   maskp = (u_int32_t *) readfds->fds_bits;
   for (sock = 0; sock < setsize; sock += 32)
     for (mask = *maskp++; (bit = ffs (mask)); mask ^= (1 << (bit - 1)))
-- 
cgit v1.2.3