From 62f0f73bf0e15e9830486a51c2114ae8399dbade Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Sat, 13 Feb 2021 00:58:33 +0100
Subject: [PATCH] Kernel: Limit the number of file descriptors sys$poll() can handle

Just slap an arbitrary limit on there so we don't panic if somebody asks us to poll 1 fajillion fds. Found by fuzz-syscalls. :^)
---
 Kernel/Syscalls/select.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/Syscalls/select.cpp b/Kernel/Syscalls/select.cpp
index 2b46802e8a5..f9065459327 100644
--- a/Kernel/Syscalls/select.cpp
+++ b/Kernel/Syscalls/select.cpp
@@ -147,6 +147,10 @@ int Process::sys$poll(Userspace user_params)
 if (!copy_from_user(¶ms, user_params))
 return -EFAULT;
 
+ // This limit is just a number from the place where numbers come from.
+ if (params.nfds >= 16384)
+ return -ENOBUFS;
+
 Thread::BlockTimeout timeout;
 if (params.timeout) {
 timespec timeout_copy;
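Review bot: The new guard `if (params.nfds >= 16384)` returns `-ENOBUFS`, but POSIX specifies `EINVAL` for an `nfds` above the allowed maximum, so callers that check errno portably will not recognise this failure; `return -EINVAL;` would match. The bound is also an unnamed literal whose comment admits it is arbitrary: a named constant with a comment saying what it protects would make the limit auditable, and deriving it from the process's open-file limit would be easier to justify than 16384. The user-controlled count presumably sizes a kernel allocation further down, but `sys$poll` continues past the end of the hunk, so neither that allocation nor its failure handling for counts below the limit is visible here. Note that `>=` makes 16383 the largest accepted value, which is worth stating in the comment.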