Fix out of bounds socket description vector access

Change-Id: Iacfa7ad31ad1aa5e7f4743fc114e283acc58af8e

diff --git a/src/server/main/include/socket-manager.h b/src/server/main/include/socket-manager.h
index a9e9e7e..e9d2366 100644 (file)
--- a/src/server/main/include/socket-manager.h
+++ b/src/server/main/include/socket-manager.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved.
+ * Copyright (c) 2014-2022 Samsung Electronics Co., Ltd. All rights reserved
  *
  * This file is licensed under the terms of MIT License or the Apache License
  * Version 2.0 of your choice. See the LICENSE.MIT file for MIT license details.
@@ -101,7 +101,7 @@ private:
     Service *m_service = nullptr;
     fd_set m_readSet;
     fd_set m_writeSet;
-    int m_maxDesc = 0;
+    int m_maxDesc = -1;
     int m_signalFd, m_listenSock = -1, m_notifyMe;
     time_t m_nextGenerationStart = 0;
     std::mutex m_eventQueueMutex;

diff --git a/src/server/main/socket-manager.cpp b/src/server/main/socket-manager.cpp
index 7a9f3c8..e61406c 100644 (file)
--- a/src/server/main/socket-manager.cpp
+++ b/src/server/main/socket-manager.cpp
@@ -65,20 +65,21 @@ namespace SecurityManager {
 
 void SocketManager::RegisterFdForReading(int fd) {
     FD_SET(fd, &m_readSet);
-    m_maxDesc = std::max(m_maxDesc, fd);
+    if (m_maxDesc < fd) {
+        m_maxDesc = fd;
+        if ((int)m_socketDescriptionVector.size() <= fd)
+            m_socketDescriptionVector.resize(fd+20);
+    }
 }
 
 void SocketManager::CreateDefaultReadSocketDescription(int sock)
 {
-    if ((int)m_socketDescriptionVector.size() <= sock)
-        m_socketDescriptionVector.resize(sock+20);
+    RegisterFdForReading(sock);
 
     auto &desc = m_socketDescriptionVector[sock];
     desc.isOpen = true;
     desc.isActiveThisGeneration = true;
     desc.buffer.InitForInput();
-
-    RegisterFdForReading(sock);
 }
 
 SocketManager::SocketManager()