Descriptor range check fails in Winsock #4465
Comments
Seeing the same issue in v.2.26.0 compiled under VS 2019.
Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with MBEDTLS_ERR_NET_POLL_FAILED on Windows: they were testing that the file descriptor is in range for fd_set, but on Windows socket descriptors are not limited to a small range. Fixes Mbed-TLS#4465. Signed-off-by: Gilles Peskine <[email protected]>
Thanks for addressing this promptly.
Ooops. I did all but the actual bug fix. Thanks, please try the updated version. I used the same condition that we use to decide whether to
Either way would work, but defined(_WINSOCKAPI_) is more self-documenting since it is the WinSock API, not WIN32 per se, that defines the sock()'s return value to be a handle rather than file descriptor. So the equivalent check is (defined(_WINSOCKAPI_) && !defined(EFIX64) && !defined(EFI32)). I don't think there would be a case of including winsock2.h but a socket return that is incompatible with what is defined in that file.
A bit late to this.. from what I can see the changes are still using
Correct. It should have been _WINSOCKAPI_ in my original report.
Description
Bug
The recently added range check in net_sockets.c on the socket descriptor fd fails in Windows because under winsock, the socket descriptor is a handle, not a file descriptor. See description in https://docs.microsoft.com/en-us/windows/win32/winsock/socket-data-type-2.
OS
windows
mbed TLS build:
Version: 2.16.10 git ddf4374
OS version: Windows 10 19042.964
Configuration:
Compiler and options (if you used a pre-built binary, please indicate how you obtained it):
VisualStudio 2017, C/C++ project, but the version doesn't matter.
Peer device TLS stack and version
any
Version:
any
Expected behavior
TLS connection should succeed
Actual behavior
TLS connection fails because MBEDTLS_ERR_NET_POLL_FAILED is returned from mbedtls_net_poll() and mbedtls_net_recv_timeout()
Steps to reproduce
Build library using VisualStudio 2017 and connect to server running mbedtls
Suggested fix
Exclude range check when compiling under winsock:
#if !defined(_WINSOCKAPI_) /* winsock fd is a handle, not file descriptor */
    /* fd_set is indexed by descriptor value here, so reject out-of-range fds */
    if( fd >= FD_SETSIZE )
        return( MBEDTLS_ERR_NET_POLL_FAILED );
#endif
Alternatively, include the range check only under those platforms where the socket descriptor is known to be an actual file descriptor.
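The alternative described above (range check only where the socket descriptor is an actual file descriptor), written out around a `select()` call. This is an added example, not Mbed TLS code; the names `sock_t`, `sock_fits_fd_set` and `wait_readable` are hypothetical.

```c
/* Added example, not Mbed TLS code: sock_t, sock_fits_fd_set and
 * wait_readable are hypothetical names. */
#include <stddef.h>
#if defined(_WIN32)
#include <winsock2.h>
typedef SOCKET sock_t;
#else
#include <sys/select.h>
#include <unistd.h>
typedef int sock_t;
#endif

/* POSIX fd_set is a bitmap indexed by the descriptor's value, so FD_SET()
 * with fd >= FD_SETSIZE writes out of bounds. Winsock fd_set is a counted
 * array of handles: FD_SETSIZE limits how many sockets it holds, not how
 * large a handle value may be. */
int sock_fits_fd_set(sock_t s)
{
#if defined(_WIN32)
    return s != INVALID_SOCKET;
#else
    return s >= 0 && s < FD_SETSIZE;
#endif
}

/* Returns 1 if readable, 0 on timeout, -1 on error or unusable descriptor. */
int wait_readable(sock_t s, unsigned timeout_ms)
{
    fd_set rd;
    struct timeval tv;
    int ret;

    if (!sock_fits_fd_set(s))
        return -1;
    FD_ZERO(&rd);
    FD_SET(s, &rd);
    tv.tv_sec = (long)(timeout_ms / 1000);
    tv.tv_usec = (long)(timeout_ms % 1000) * 1000;
#if defined(_WIN32)
    ret = select(0, &rd, NULL, NULL, &tv);  /* first argument is ignored */
#else
    ret = select(s + 1, &rd, NULL, NULL, &tv);
#endif
    if (ret < 0)
        return -1;
    return (ret > 0 && FD_ISSET(s, &rd)) ? 1 : 0;
}
```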