From bd2dbcbd84aaf07c1d65fef05358610eedbafed9 Mon Sep 17 00:00:00 2001
From: claudio
Date: Fri, 11 Mar 2022 09:57:54 +0000
Subject: [PATCH] Fix overflow protection check in the poll loop. The check needs to happen at the start of the loop and with i >= NPFDS. Reported by Martin Vahlensieck (openbsd (at) academicsolutions.ch) OK tb@
---
 usr.sbin/rpki-client/http.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/usr.sbin/rpki-client/http.c b/usr.sbin/rpki-client/http.c
index e04af6afc70..ffce30fc17a 100644
--- a/usr.sbin/rpki-client/http.c
+++ b/usr.sbin/rpki-client/http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http.c,v 1.53 2022/02/10 11:10:40 tb Exp $ */
+/* $OpenBSD: http.c,v 1.54 2022/03/11 09:57:54 claudio Exp $ */
 /*
 * Copyright (c) 2020 Nils Fisher
 * Copyright (c) 2020 Claudio Jeker
@@ -1809,6 +1809,9 @@ proc_http(char *bind_addr, int fd)
 timeout = INFTIM;
 now = getmonotime();
 LIST_FOREACH(conn, &active, entry) {
+ if (i >= NPFDS)
+ errx(1, "too many connections");
+
 if (conn->io_time == 0)
 conn->io_time = now + HTTP_IO_TIMEOUT;
@@ -1828,10 +1831,11 @@ proc_http(char *bind_addr, int fd)
 pfds[i].events = conn->events;
 conn->pfd = &pfds[i];
 i++;
- if (i > NPFDS)
- errx(1, "too many connections");
 }
 LIST_FOREACH(conn, &idle, entry) {
+ if (i >= NPFDS)
+ errx(1, "too many connections");
+
 if (conn->idle_time <= now)
 timeout = 0;
 else {
@@ -1844,8 +1848,6 @@ proc_http(char *bind_addr, int fd)
 pfds[i].events = POLLIN;
 conn->pfd = &pfds[i];
 i++;
- if (i > NPFDS)
- errx(1, "too many connections");
 }
 if (poll(pfds, i, timeout) == -1) {
--
2.20.1
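Review bot: The new guard `if (i >= NPFDS)` at the top of the `active` loop, and its twin at the top of the `idle` loop in the next hunk, carries no comment explaining why it must come before the `pfds[i]` stores. The removed post-increment `i > NPFDS` test let `i == NPFDS` through, so a further iteration could have written one slot past the array, assuming `pfds` has NPFDS entries. I would put `/* i indexes pfds[] below: bound it before the store, not after i++ */` above both checks so a later cleanup does not move them back to the end of the loop body. The declaration of `pfds`, the initial value of `i` and the code that admits new connections lie outside these hunks, so whether the limit is reachable at run time cannot be judged from here. If the connection count is already capped elsewhere, the comment should also say that the `errx()` is only a backstop for that invariant.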