From 8173c4f1f8a145c4b1d454f6f05e26950e23d675 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 14 Jun 2016 08:35:12 +0200
Subject: [PATCH] core: Make sure FD_SET is not used with an out of range fd.

* src/posix-io.c (_gpgme_io_select): Check for FD out of range.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 src/posix-io.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/posix-io.c b/src/posix-io.c
index f3361534..258e8ea5 100644
--- a/src/posix-io.c
+++ b/src/posix-io.c
@@ -604,6 +604,12 @@ _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock)
 	continue;
       if (fds[i].for_read)
 	{
+          if (fds[i].fd >= FD_SETSIZE)
+            {
+              TRACE_END (dbg_help, " -BAD- ]");
+              gpg_err_set_errno (EBADF);
+              return TRACE_SYSRES (-1);
+            }
 	  assert (!FD_ISSET (fds[i].fd, &readfds));
 	  FD_SET (fds[i].fd, &readfds);
 	  if (fds[i].fd > max_fd)
@@ -613,6 +619,12 @@ _gpgme_io_select (struct io_select_fd_s *fds, size_t nfds, int nonblock)
         }
       else if (fds[i].for_write)
 	{
+          if (fds[i].fd >= FD_SETSIZE)
+            {
+              TRACE_END (dbg_help, " -BAD- ]");
+              gpg_err_set_errno (EBADF);
+              return TRACE_SYSRES (-1);
+            }
 	  assert (!FD_ISSET (fds[i].fd, &writefds));
 	  FD_SET (fds[i].fd, &writefds);
 	  if (fds[i].fd > max_fd)