From 121d7c7c14da6a0b6188d62f52a9d8548061057c Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Mon, 1 Mar 2021 11:39:21 +0100
Subject: [PATCH] Fix sloppy wording around stricly less-than vs less or equal

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 include/mbedtls/net_sockets.h |  4 ++--
 library/net_sockets.c         | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index f89f73d1a..d8188494e 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -184,7 +184,7 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
  *
  * \note           The current implementation of this function uses
  *                 select() and returns an error if the file descriptor
- *                 is beyond \c FD_SETSIZE.
+ *                 is \c FD_SETSIZE or greater.
  *
  * \param ctx      Socket to check
  * \param rw       Bitflag composed of MBEDTLS_NET_POLL_READ and
@@ -269,7 +269,7 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
  *
  * \note           The current implementation of this function uses
  *                 select() and returns an error if the file descriptor
- *                 is beyond \c FD_SETSIZE.
+ *                 is \c FD_SETSIZE or greater.
  *
  * \param ctx      Socket
  * \param buf      The buffer to write to
diff --git a/library/net_sockets.c b/library/net_sockets.c
index b2f76a002..671115f15 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -497,9 +497,9 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
         return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
 
     /* A limitation of select() is that it only works with file descriptors
-     * up to FD_SETSIZE. This is a limitation of the fd_set type. Error out
-     * early, because attempting to call FD_SET on a large file descriptor
-     * is a buffer overflow on typical platforms. */
+     * that are strictly less than FD_SETSIZE. This is a limitation of the
+     * fd_set type. Error out early, because attempting to call FD_SET on a
+     * large file descriptor is a buffer overflow on typical platforms. */
     if( fd >= FD_SETSIZE )
         return( MBEDTLS_ERR_NET_POLL_FAILED );
 
@@ -623,9 +623,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
         return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
 
     /* A limitation of select() is that it only works with file descriptors
-     * up to FD_SETSIZE. This is a limitation of the fd_set type. Error out
-     * early, because attempting to call FD_SET on a large file descriptor
-     * is a buffer overflow on typical platforms. */
+     * that are strictly less than FD_SETSIZE. This is a limitation of the
+     * fd_set type. Error out early, because attempting to call FD_SET on a
+     * large file descriptor is a buffer overflow on typical platforms. */
     if( fd >= FD_SETSIZE )
         return( MBEDTLS_ERR_NET_POLL_FAILED );