diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-02-21 08:43:26 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-03-29 13:09:23 +0200 |
commit | 584783a3fc2048ca6673ccdc4f44d0ffc46080cb (patch) | |
tree | 3bacd289bb6589ffe2b8271b3016a6ff3c32741a /lib/x509/pkcs12.c | |
parent | 93a86b1ecae876bd76c6c1d7b73d8588f753b963 (diff) | |
download | gnutls-584783a3fc2048ca6673ccdc4f44d0ffc46080cb.tar.gz |
build: avoid potential integer overflow in array allocation
This relies on _gnutls_reallocarray for all occasions of array
allocations, so that they can benefit from the built-in overflow
checks.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/x509/pkcs12.c')
-rw-r--r-- | lib/x509/pkcs12.c | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 2dc0823905..ac0d2f565f 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -1455,10 +1455,9 @@ static int make_chain(gnutls_x509_crt_t ** chain, unsigned int *chain_len, != 0) goto skip; - *chain = - gnutls_realloc_fast(*chain, - sizeof((*chain)[0]) * - ++(*chain_len)); + *chain = _gnutls_reallocarray_fast(*chain, + ++(*chain_len), + sizeof((*chain)[0])); if (*chain == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -1779,11 +1778,9 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12, if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */ _extra_certs = - gnutls_realloc_fast - (_extra_certs, - sizeof(_extra_certs - [0]) * - ++_extra_certs_len); + _gnutls_reallocarray_fast(_extra_certs, + ++_extra_certs_len, + sizeof(_extra_certs[0])); if (!_extra_certs) { gnutls_assert(); ret = |