git: 1d0410fb349f - main - ping6: convert receive loop from pselect(2) to ppoll(2)

From: Mariusz Zaborski <oshogbo_at_FreeBSD.org>
Date: Thu, 21 May 2026 06:13:57 UTC
The branch main has been updated by oshogbo:

URL: https://cgit.FreeBSD.org/src/commit/?id=1d0410fb349fded5a79db3c6e6d993eb9efcc10c

commit 1d0410fb349fded5a79db3c6e6d993eb9efcc10c
Author:     Mariusz Zaborski <oshogbo@FreeBSD.org>
AuthorDate: 2026-05-21 06:08:46 +0000
Commit:     Mariusz Zaborski <oshogbo@FreeBSD.org>
CommitDate: 2026-05-21 06:10:49 +0000

    ping6: convert receive loop from pselect(2) to ppoll(2)
    
    pselect(2) might overflow if the descriptor number is above
    FD_SETSIZE and silently corrupt the stack. Switch to ppoll(2) so
    the receive socket fd is no longer constrained by FD_SETSIZE.
    
    Reported by:    Joshua Rogers of AISLE Research Team
    Reviewed by:    markj
    MFC after:      7 days
    Differential Revision:  https://reviews.freebsd.org/D56721
---
 sbin/ping/ping6.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/sbin/ping/ping6.c b/sbin/ping/ping6.c
index f81de062e59a..b00b00ac8ce1 100644
--- a/sbin/ping/ping6.c
+++ b/sbin/ping/ping6.c
@@ -111,6 +111,7 @@
 #include <err.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <poll.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -1145,7 +1146,7 @@ ping6(int argc, char *argv[])
 		struct timespec now, timeout;
 		struct msghdr m;
 		struct iovec iov[2];
-		fd_set rfds;
+		struct pollfd pfd;
 		int n;
 
 		/* signal handling */
@@ -1154,15 +1155,16 @@ ping6(int argc, char *argv[])
 			seeninfo = 0;
 			continue;
 		}
-		FD_ZERO(&rfds);
-		FD_SET(srecv, &rfds);
+		pfd.fd = srecv;
+		pfd.events = POLLIN;
+		pfd.revents = 0;
 		clock_gettime(CLOCK_MONOTONIC, &now);
 		timespecadd(&last, &intvl, &timeout);
 		timespecsub(&timeout, &now, &timeout);
 		if (timeout.tv_sec < 0)
 			timespecclear(&timeout);
 
-		n = pselect(srecv + 1, &rfds, NULL, NULL, &timeout, NULL);
+		n = ppoll(&pfd, 1, &timeout, NULL);
 		if (n < 0)
 			continue;	/* EINTR */
 		if (n == 1) {
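Review bot: The handling after the new `ppoll()` call still treats every negative return as EINTR (`if (n < 0) continue;`), so any other failure such as EINVAL or EFAULT is retried silently with no diagnostic. Consider `if (n < 0) { if (errno != EINTR) warn("ppoll"); continue; }`, which needs only the `<err.h>` and `<errno.h>` includes visible in the first hunk. Separately, ppoll() can return 1 with only POLLERR, POLLHUP or POLLNVAL set in `pfd.revents`, and the `n == 1` test never inspects that field. If that is deliberate because the receive call that follows reports the error, a one-line comment such as `/* revents not checked: recvmsg() below reports socket errors */` would make it explicit. The body of the `n == 1` branch and the rest of the loop in ping6() lie outside this hunk, so how a receive error is handled there cannot be confirmed from here.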