summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Hogan <doug@cvs.openbsd.org>2014-10-18 03:11:55 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2014-10-18 03:11:55 +0000
commita9ffbd0fb5bc2b5f3a02edebc476bac313e53fff (patch)
tree67b283b9d8f52658d750a7519c83d93473f32085
parent63425491d9fe98b7cba7fc0a0f7610f616f1277e (diff)
Simple malloc() to reallocarray() conversion to potentially avoid integer
overflow. ok deraadt@
-rw-r--r--sbin/iked/pfkey.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/sbin/iked/pfkey.c b/sbin/iked/pfkey.c
index 97cf5658667..5bf0c0985f5 100644
--- a/sbin/iked/pfkey.c
+++ b/sbin/iked/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.38 2014/07/09 12:05:01 markus Exp $ */
+/* $OpenBSD: pfkey.c,v 1.39 2014/10/18 03:11:54 doug Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -1143,11 +1143,13 @@ pfkey_reply(int sd, u_int8_t **datap, ssize_t *lenp)
return (-1);
}
- len = hdr.sadb_msg_len * PFKEYV2_CHUNK;
- if ((data = malloc(len)) == NULL) {
+ if ((data = reallocarray(NULL, hdr.sadb_msg_len,
+ PFKEYV2_CHUNK)) == NULL) {
log_warn("%s: malloc", __func__);
return (-1);
}
+ len = hdr.sadb_msg_len * PFKEYV2_CHUNK;
+
if (read(sd, data, len) != len) {
log_warnx("%s: short read", __func__);
free(data);
@@ -1519,11 +1521,13 @@ pfkey_dispatch(int sd, short event, void *arg)
return;
}
- len = hdr.sadb_msg_len * PFKEYV2_CHUNK;
- if ((data = malloc(len)) == NULL) {
+ if ((data = reallocarray(NULL, hdr.sadb_msg_len, PFKEYV2_CHUNK))
+ == NULL) {
log_warn("%s: malloc", __func__);
return;
}
+ len = hdr.sadb_msg_len * PFKEYV2_CHUNK;
+
if (read(sd, data, len) != len) {
log_warn("%s: short read", __func__);
free(data);