diff options
Diffstat (limited to 'logsrvd/sendlog.c')
-rw-r--r-- | logsrvd/sendlog.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c index 98d5ecc10..ebf6c9d7b 100644 --- a/logsrvd/sendlog.c +++ b/logsrvd/sendlog.c @@ -256,7 +256,7 @@ get_free_buf(size_t len, struct client_closure *closure) if (len > buf->size) { free(buf->data); buf->size = sudo_pow2_roundup(len); - if ((buf->data = malloc(buf->size)) == NULL) { + if (buf->size < len || (buf->data = malloc(buf->size)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); free(buf); buf = NULL; @@ -285,13 +285,22 @@ read_io_buf(struct client_closure *closure) /* Expand buf as needed. */ if (timing->u.nbytes > closure->bufsize) { + const size_t new_size = sudo_pow2_roundup(timing->u.nbytes); + if (new_size < timing->u.nbytes) { + /* overflow */ + errno = ENOMEM; + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + timing->u.nbytes = 0; + debug_return_bool(false); + } free(closure->buf); - closure->bufsize = sudo_pow2_roundup(timing->u.nbytes); - if ((closure->buf = malloc(closure->bufsize)) == NULL) { + if ((closure->buf = malloc(new_size)) == NULL) { sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + closure->bufsize = 0; timing->u.nbytes = 0; debug_return_bool(false); } + closure->bufsize = new_size; } nread = iolog_read(&closure->iolog_files[timing->event], closure->buf, |