cap_main_test.c - OpenGrok history log for /freebsd/lib/libcasper/tests/cap_main

Revision (<<< Hide revision tags) (Show revision tags >>>)	Date	Author	Comments
Revision tags: release/14.4.0-p5, release/14.3.0-p14, release/15.0.0-p9
# a10bc81d	18-May-2026	Mariusz Zaborski <oshogbo@FreeBSD.org>	libcasper: switch from select(2) to poll(2) The previous implementation used FD_SET() on a stack-allocated fd_set, which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE (1024). po libcasper: switch from select(2) to poll(2) The previous implementation used FD_SET() on a stack-allocated fd_set, which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE (1024). poll(2) takes an array indexed by slot rather than by fd value, so it has no FD_SETSIZE limit. Approved by: so Security: FreeBSD-SA-26:22.libcasper Security: CVE-2026-39461 Reported by: Joshua Rogers Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D56695 show more ...

Revision (<<< Hide revision tags) (Show revision tags >>>)

Date

Author

Comments

Revision tags: release/14.4.0-p5, release/14.3.0-p14, release/15.0.0-p9

# a10bc81d

18-May-2026

Mariusz Zaborski <oshogbo@FreeBSD.org>

libcasper: switch from select(2) to poll(2)

The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

po

libcasper: switch from select(2) to poll(2)

The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

poll(2) takes an array indexed by slot rather than by fd value, so it
has no FD_SETSIZE limit.

Approved by: so
Security: FreeBSD-SA-26:22.libcasper
Security: CVE-2026-39461
Reported by: Joshua Rogers
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56695