authordjm <djm>2006-03-26 03:22:47 +0000
committerdjm <djm>2006-03-26 03:22:47 +0000
commit5e5513faf51451ded4af614cb6c6390282690c9b (patch)
tree1ae514355b3e707ae4c419a565852b3faa3ee3ff /ssh-rsa.c
parent02eed99ef7f2174344b2a099b5ff4d93a3d5f0f5 (diff)
downloadopenssh-5e5513faf51451ded4af614cb6c6390282690c9b.tar.gz
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r--ssh-rsa.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index ce4195fe..55fb7ba5 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -144,7 +144,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
u_int diff = modlen - len;
debug("ssh_rsa_verify: add padding: modlen %u > len %u",
modlen, len);
- sigblob = xrealloc(sigblob, modlen);
+ sigblob = xrealloc(sigblob, 1, modlen);
memmove(sigblob + diff, sigblob, len);
memset(sigblob, 0, diff);
len = modlen;
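Review bot: The call `xrealloc(sigblob, 1, modlen)` passes the request as one item of `modlen` bytes, so the count-times-size overflow check that motivates the new API has nothing to check at this site. That is harmless for a single `u_int` length, but `sigblob = xrealloc(sigblob, modlen, sizeof(*sigblob));` would read as "modlen elements" and follow the `(p, new_nmemb, new_itemsize)` order given in the commit message. The subtraction `diff = modlen - len` and the following `memmove` are only safe under a `modlen > len` guard, which, judging by the debug text, sits just above the hunk; the body of `ssh_rsa_verify` starts and ends outside the hunk, so confirm the guard there. A short comment above the `memmove`, such as `/* left-pad the signature with zeros up to the modulus length */`, would document the intent of this block.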