Userland reallocarray() audit.

Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.

ok deraadt@

2 files changed, 4 insertions, 4 deletions

diff --git a/usr.sbin/ypserv/yppush/yppush.c b/usr.sbin/ypserv/yppush/yppush.c
index f4873f702b5..755e24d21da 100644
--- a/usr.sbin/ypserv/yppush/yppush.c
+++ b/usr.sbin/ypserv/yppush/yppush.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: yppush.c,v 1.28 2013/12/04 02:18:05 deraadt Exp $ */
+/*	$OpenBSD: yppush.c,v 1.29 2014/10/11 02:29:24 doug Exp $ */
 
 /*
  * Copyright (c) 1995 Mats O Jansson <moj@stacken.kth.se>
@@ -75,7 +75,7 @@ my_svc_run(void)
 
 	for (;;) {
 		if (svc_max_pollfd > saved_max_pollfd) {
-			newp = realloc(pfd, sizeof(*pfd) * svc_max_pollfd);
+			newp = reallocarray(pfd, svc_max_pollfd, sizeof(*pfd));
 			if (newp == NULL) {
 				free(pfd);
 				perror("svc_run: - realloc failed");
diff --git a/usr.sbin/ypserv/ypserv/ypserv.c b/usr.sbin/ypserv/ypserv/ypserv.c
index 78513bec1cf..3e42955046a 100644
--- a/usr.sbin/ypserv/ypserv/ypserv.c
+++ b/usr.sbin/ypserv/ypserv/ypserv.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ypserv.c,v 1.39 2013/12/05 14:22:42 jca Exp $ */
+/*	$OpenBSD: ypserv.c,v 1.40 2014/10/11 02:29:24 doug Exp $ */
 
 /*
  * Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
@@ -352,7 +352,7 @@ my_svc_run(void)
 			hup();
 		}
 		if (svc_max_pollfd > saved_max_pollfd) {
-			newp = realloc(pfd, sizeof(*pfd) * svc_max_pollfd);
+			newp = reallocarray(pfd, svc_max_pollfd, sizeof(*pfd));
 			if (newp == NULL) {
 				free(pfd);
 				perror("svc_run: - realloc failed");