diff options
Diffstat (limited to 'src/serv.c')
-rw-r--r-- | src/serv.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/src/serv.c b/src/serv.c index 629c398529..add0ee4065 100644 --- a/src/serv.c +++ b/src/serv.c @@ -50,6 +50,7 @@ #include "read-file.h" #include "sockets.h" #include "xalloc.h" +#include "xsize.h" /* konqueror cannot handle sending the page in multiple * pieces. @@ -562,7 +563,7 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, char *http_buffer, *desc; gnutls_kx_algorithm_t kx_alg; size_t len = 20 * 1024 + strlen(header); - char *crtinfo = NULL, *crtinfo_old = NULL; + char *crtinfo = NULL; gnutls_protocol_t version; size_t ncrtinfo = 0; @@ -600,17 +601,22 @@ static char *peer_print_info(gnutls_session_t session, int *ret_length, && gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &info) == 0) { - const char *post = "</PRE><P><PRE>"; + const char post[] = "</PRE><P><PRE>"; + char *crtinfo_new; + size_t ncrtinfo_new; - crtinfo_old = crtinfo; - crtinfo = - realloc(crtinfo, - ncrtinfo + info.size + - strlen(post) + 1); - if (crtinfo == NULL) { - free(crtinfo_old); + ncrtinfo_new = xsum3(ncrtinfo, info.size, + sizeof(post)); + if (size_overflow_p(ncrtinfo_new)) { + free(crtinfo); return NULL; } + crtinfo_new = realloc(crtinfo, ncrtinfo_new); + if (crtinfo_new == NULL) { + free(crtinfo); + return NULL; + } + crtinfo = crtinfo_new; memcpy(crtinfo + ncrtinfo, info.data, info.size); ncrtinfo += info.size; |