- (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c

   session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
   in Portable-only code; since calloc zeros, remove now-redundant memsets.
   Also add a couple of sanity checks.  With & ok djm@

11 files changed, 31 insertions, 20 deletions

diff --git a/ChangeLog b/ChangeLog
index 49e83118..fe0536a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20060504
+ - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
+   session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c
+   openbsd-compat/setproctitle.c] Convert malloc(foo*bar) -> calloc(foo,bar)
+   in Portable-only code; since calloc zeros, remove now-redundant memsets.
+   Also add a couple of sanity checks.  With & ok djm@
+
 20060503
  - (dtucker) [packet.c] Remove in_systm.h since it's also in includes.h
    and double including it on IRIX 5.3 causes problems.  From Georg Schwarz,
@@ -4587,4 +4594,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4319 2006/05/03 09:01:09 dtucker Exp $
+$Id: ChangeLog,v 1.4320 2006/05/04 06:24:34 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index c12f413e..5ddc8bec 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -288,7 +288,10 @@ import_environments(Buffer *b)
 
 	/* Import environment from subprocess */
 	num_env = buffer_get_int(b);
-	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
+	if (num_env > 1024)
+		fatal("%s: received %u environment variables, expected <= 1024",
+		    __func__, num_env);
+	sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env));
 	debug3("PAM: num env strings %d", num_env);
 	for(i = 0; i < num_env; i++)
 		sshpam_env[i] = buffer_get_string(b, NULL);
@@ -335,9 +338,8 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
 	if (n <= 0 || n > PAM_MAX_NUM_MSG)
 		return (PAM_CONV_ERR);
 
-	if ((reply = malloc(n * sizeof(*reply))) == NULL)
+	if ((reply = calloc(n, sizeof(*reply))) == NULL)
 		return (PAM_CONV_ERR);
-	memset(reply, 0, n * sizeof(*reply));
 
 	buffer_init(&buffer);
 	for (i = 0; i < n; ++i) {
@@ -533,9 +535,8 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
 	if (n <= 0 || n > PAM_MAX_NUM_MSG)
 		return (PAM_CONV_ERR);
 
-	if ((reply = malloc(n * sizeof(*reply))) == NULL)
+	if ((reply = calloc(n, sizeof(*reply))) == NULL)
 		return (PAM_CONV_ERR);
-	memset(reply, 0, n * sizeof(*reply));
 
 	for (i = 0; i < n; ++i) {
 		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
@@ -935,9 +936,8 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
 	if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO))
 		return (PAM_CONV_ERR);
 
-	if ((reply = malloc(n * sizeof(*reply))) == NULL)
+	if ((reply = calloc(n, sizeof(*reply))) == NULL)
 		return (PAM_CONV_ERR);
-	memset(reply, 0, n * sizeof(*reply));
 
 	for (i = 0; i < n; ++i) {
 		switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
diff --git a/groupaccess.c b/groupaccess.c
index 83c573de..2a85cb37 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -52,8 +52,8 @@ ga_init(const char *user, gid_t base)
 	ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
 #endif
 
-	groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid));
-	groups_byname = xmalloc(ngroups * sizeof(*groups_byname));
+	groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
+	groups_byname = xcalloc(ngroups, sizeof(*groups_byname));
 
 	if (getgrouplist(user, base, groups_bygid, &ngroups) == -1)
 		logit("getgrouplist: groups list too small");
diff --git a/monitor.c b/monitor.c
index 894523da..4b8287d8 100644
--- a/monitor.c
+++ b/monitor.c
@@ -924,7 +924,7 @@ mm_answer_pam_respond(int sock, Buffer *m)
 	sshpam_authok = NULL;
 	num = buffer_get_int(m);
 	if (num > 0) {
-		resp = xmalloc(num * sizeof(char *));
+		resp = xcalloc(num, sizeof(char *));
 		for (i = 0; i < num; ++i)
 			resp[i] = buffer_get_string(m, NULL);
 		ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 8cfc8cc0..33265289 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -776,8 +776,11 @@ mm_sshpam_query(void *ctx, char **name, char **info,
 	*name = buffer_get_string(&m, NULL);
 	*info = buffer_get_string(&m, NULL);
 	*num = buffer_get_int(&m);
-	*prompts = xmalloc((*num + 1) * sizeof(char *));
-	*echo_on = xmalloc((*num + 1) * sizeof(u_int));
+	if (*num > PAM_MAX_NUM_MSG)
+		fatal("%s: recieved %u PAM messages, expected <= %u",
+		    __func__, *num, PAM_MAX_NUM_MSG);
+	*prompts = xcalloc((*num + 1), sizeof(char *));
+	*echo_on = xcalloc((*num + 1), sizeof(u_int));
 	for (i = 0; i < *num; ++i) {
 		(*prompts)[i] = buffer_get_string(&m, NULL);
 		(*echo_on)[i] = buffer_get_int(&m);
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 8f3acee2..b408dde2 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -268,7 +268,7 @@ fetch_windows_environment(void)
 	char **e, **p;
 	unsigned int i, idx = 0;
 
-	p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
+	p = xcalloc(WENV_SIZ + 1, sizeof(char *));
 	for (e = environ; *e != NULL; ++e) {
 		for (i = 0; i < WENV_SIZ; ++i) {
 			if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
index 6e2b19bb..95b662e4 100644
--- a/openbsd-compat/setproctitle.c
+++ b/openbsd-compat/setproctitle.c
@@ -80,7 +80,7 @@ compat_init_setproctitle(int argc, char *argv[])
 	/* Fail if we can't allocate room for the new environment */
 	for (i = 0; envp[i] != NULL; i++)
 		;
-	if ((environ = malloc(sizeof(*environ) * (i + 1))) == NULL) {
+	if ((environ = calloc(i + 1, sizeof(*environ))) == NULL) {
 		environ = envp;	/* put it back */
 		return;
 	}
diff --git a/scard-opensc.c b/scard-opensc.c
index dd2c28df..7a496dff 100644
--- a/scard-opensc.c
+++ b/scard-opensc.c
@@ -455,7 +455,9 @@ sc_get_keys(const char *id, const char *pin)
 		}
 		key_count = r;
 	}
-	keys = xmalloc(sizeof(Key *) * (key_count*2+1));
+	if (key_count > 1024)
+		fatal("Too many keys (%u), expected <= 1024", key_count);
+	keys = xcalloc(key_count * 2 + 1, sizeof(Key *));
 	for (i = 0; i < key_count; i++) {
 		sc_pkcs15_object_t *tmp_obj = NULL;
 		cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id;
diff --git a/session.c b/session.c
index caf750ab..87e7ee6e 100644
--- a/session.c
+++ b/session.c
@@ -984,7 +984,7 @@ do_setup_env(Session *s, const char *shell)
 
 	/* Initialize the environment. */
 	envsize = 100;
-	env = xmalloc(envsize * sizeof(char *));
+	env = xcalloc(envsize, sizeof(char *));
 	env[0] = NULL;
 
 #ifdef HAVE_CYGWIN
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 662f7008..3a4a165f 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -674,8 +674,7 @@ prng_read_commands(char *cmdfilename)
 	}
 
 	num_cmds = 64;
-	entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t));
-	memset(entcmd, '\0', num_cmds * sizeof(entropy_cmd_t));
+	entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));
 
 	/* Read in file */
 	cur_cmd = linenum = 0;
diff --git a/sshd.c b/sshd.c
index a206db24..e707cf65 100644
--- a/sshd.c
+++ b/sshd.c
@@ -921,7 +921,7 @@ main(int ac, char **av)
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
 	rexec_argc = ac;
-	saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
+	saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
 	for (i = 0; i < ac; i++)
 		saved_argv[i] = xstrdup(av[i]);
 	saved_argv[i] = NULL;