author | Doug Hogan <doug@cvs.openbsd.org> | 2014-10-11 04:31:56 +0000 |
---|---|---|
committer | Doug Hogan <doug@cvs.openbsd.org> | 2014-10-11 04:31:56 +0000 |
commit | 4875996b04f998c54416d83d9e50d13c9cb54fb4 (patch) | |
tree | 17e0e4f2405538f140a6fa1af8e56084aa6f86c9 | |
parent | 22f3c9378ff07d77596bd2d49154efd31c79bcbe (diff) |
Userland reallocarray() audit.
Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.
ok deraadt@
-rw-r--r-- | usr.bin/join/join.c | 14 | ||||
-rw-r--r-- | usr.bin/systat/pftop.c | 15 |
2 files changed, 15 insertions, 14 deletions
diff --git a/usr.bin/join/join.c b/usr.bin/join/join.c
index b0dc1da9e77..8fd1cd57796 100644
--- a/usr.bin/join/join.c
+++ b/usr.bin/join/join.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: join.c,v 1.22 2013/11/15 22:20:04 millert Exp $ */
+/* $OpenBSD: join.c,v 1.23 2014/10/11 04:31:55 doug Exp $ */
 /*-
 * Copyright (c) 1991, 1993, 1994
@@ -312,8 +312,8 @@ slurpit(INPUT *F)
 LINE *p;
 u_long newsize = F->setalloc + 50;
 cnt = F->setalloc;
- if ((p = realloc(F->set,
- newsize * sizeof(LINE))) == NULL)
+ if ((p = reallocarray(F->set, newsize, sizeof(LINE)))
+ == NULL)
 err(1, NULL);
 F->set = p;
 F->setalloc = newsize;
@@ -371,8 +371,8 @@ slurpit(INPUT *F)
 if (lp->fieldcnt == lp->fieldalloc) {
 char **p;
 u_long newsize = lp->fieldalloc + 50;
- if ((p = realloc(lp->fields,
- newsize * sizeof(char *))) == NULL)
+ if ((p = reallocarray(lp->fields, newsize,
+ sizeof(char *))) == NULL)
 err(1, NULL);
 lp->fields = p;
 lp->fieldalloc = newsize;
@@ -538,8 +538,8 @@ fieldarg(char *option)
 if (olistcnt == olistalloc) {
 OLIST *p;
 u_long newsize = olistalloc + 50;
- if ((p = realloc(olist,
- newsize * sizeof(OLIST))) == NULL)
+ if ((p = reallocarray(olist, newsize, sizeof(OLIST)))
+ == NULL)
 err(1, NULL);
 olist = p;
 olistalloc = newsize;
diff --git a/usr.bin/systat/pftop.c b/usr.bin/systat/pftop.c
index de6771e1973..582fd016d8d 100644
--- a/usr.bin/systat/pftop.c
+++ b/usr.bin/systat/pftop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pftop.c,v 1.28 2014/05/09 21:03:43 sthen Exp $ */
+/* $OpenBSD: pftop.c,v 1.29 2014/10/11 04:30:56 doug Exp $ */
 /*
 * Copyright (c) 2001, 2007 Can Erkin Acar
 * Copyright (c) 2001 Daniel Hartmeier
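Review bot: The growth step `u_long newsize = F->setalloc + 50;` in the slurpit() hunk at line 312 is still an unchecked addition, because reallocarray() only rejects overflow in `newsize * sizeof(LINE)`; the same pattern appears in the hunk at line 371 (`lp->fieldalloc + 50`) and in the fieldarg() hunk at line 538 (`olistalloc + 50`). As far as these hunks show, each counter is only assigned a size that was just allocated, so a wrap looks unreachable in practice, but that reasoning is not written down anywhere. I would add a comment above each addition such as `/* cannot wrap: setalloc entries are already allocated */`, or make it explicit with `if (F->setalloc > ULONG_MAX - 50) errx(1, "too many lines");`. The enclosing functions start and end outside the hunks, so the counters' initial values are not visible here.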
@@ -636,10 +636,11 @@ alloc_buf(int ns)
 if (len >= state_buf_len) {
 len += NUM_STATE_INC;
- state_buf = realloc(state_buf, len * sizeof(struct pfsync_state));
- state_ord = realloc(state_ord, len * sizeof(u_int32_t));
- state_cache = realloc(state_cache,
- len * sizeof(struct sc_ent *));
+ state_buf = reallocarray(state_buf, len,
+ sizeof(struct pfsync_state));
+ state_ord = reallocarray(state_ord, len, sizeof(u_int32_t));
+ state_cache = reallocarray(state_cache, len,
+ sizeof(struct sc_ent *));
 if (state_buf == NULL || state_ord == NULL ||
 state_cache == NULL)
 err(1, "realloc");
@@ -941,12 +942,12 @@ add_rule_alloc(u_int32_t nr)
 num_rules += nr;
 if (rules == NULL) {
- rules = malloc(num_rules * sizeof(struct pf_rule));
+ rules = reallocarray(NULL, num_rules, sizeof(struct pf_rule));
 if (rules == NULL)
 err(1, "malloc");
 alloc_rules = num_rules;
 } else if (num_rules > alloc_rules) {
- rules = realloc(rules, num_rules * sizeof(struct pf_rule));
+ rules = reallocarray(rules, num_rules, sizeof(struct pf_rule));
 if (rules == NULL)
 err(1, "realloc");
 alloc_rules = num_rules; |
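Review bot: In the alloc_buf() hunk the three reallocarray() results are only tested together after all three calls, so when an earlier call fails, `err(1, "realloc")` reports whatever errno the later calls left behind, and the label no longer names the function in use. Checking each result as it is produced, e.g. `if ((state_buf = reallocarray(state_buf, len, sizeof(struct pfsync_state))) == NULL) err(1, "reallocarray");`, keeps the message tied to the failing call. Separately, `len += NUM_STATE_INC` runs before the call; if len is a signed int like the `ns` parameter (its declaration is outside the hunk), a negative or wrapped value should now be rejected by reallocarray() rather than under-allocating, but an explicit range check on `ns` would state that intent.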
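Review bot: `num_rules += nr;` at the top of the add_rule_alloc() hunk is still an unchecked addition, and reallocarray() only guards `num_rules * sizeof(struct pf_rule)`. If num_rules is a 32-bit unsigned like `nr` (its declaration is outside the hunk), a wrap would leave num_rules small, the `num_rules > alloc_rules` branch would be skipped, and the array would stay at its old size while callers presumably expect room for `nr` more rules. A guard before the addition, e.g. `if (nr > UINT32_MAX - num_rules) errx(1, "too many rules");`, would close that gap. The `err(1, "malloc")` and `err(1, "realloc")` labels also no longer match the function being called.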