diff options
author | Damien Miller <djm@mindrot.org> | 2006-03-26 14:22:47 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-03-26 14:22:47 +1100 |
commit | 36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch) | |
tree | 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /xmalloc.c | |
parent | 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff) | |
download | openssh-git-36812092ecb11a25ca9d6d87fdeaf53e371c5043.tar.gz |
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
Diffstat (limited to 'xmalloc.c')
-rw-r--r-- | xmalloc.c | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -35,7 +35,7 @@ xcalloc(size_t nmemb, size_t size) { void *ptr; - if (nmemb && size && SIZE_T_MAX / nmemb < size) + if (nmemb && size && SIZE_T_MAX / nmemb < size) fatal("xcalloc: nmemb * size > SIZE_T_MAX"); if (size == 0 || nmemb == 0) fatal("xcalloc: zero size"); @@ -47,10 +47,13 @@ xcalloc(size_t nmemb, size_t size) } void * -xrealloc(void *ptr, size_t new_size) +xrealloc(void *ptr, size_t nmemb, size_t size) { void *new_ptr; + size_t new_size = nmemb * size; + if (nmemb && size && SIZE_T_MAX / nmemb < size) + fatal("xrealloc: nmemb * size > SIZE_T_MAX"); if (new_size == 0) fatal("xrealloc: zero size"); if (ptr == NULL) @@ -58,7 +61,8 @@ xrealloc(void *ptr, size_t new_size) else new_ptr = realloc(ptr, new_size); if (new_ptr == NULL) - fatal("xrealloc: out of memory (new_size %lu bytes)", (u_long) new_size); + fatal("xrealloc: out of memory (new_size %lu bytes)", + (u_long) new_size); return new_ptr; } |