diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2017-03-16 13:29:57 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-03-16 13:29:57 +0000 |
| commit | 9c466250dfdea699c3650b5660468c190834a659 (patch) | |
| tree | ff8aeae315ce9ba581bdc247599c6861c65873be /lib/libcrypto | |
| parent | 820faa196f2ae8f30c25063a5572fa49353dc794 (diff) | |
Convert BUF_MEM_grow() and BUF_MEM_grow_clean() to recallocarray(),
ensuring that the buffer contents are zeroed on allocation and not leaked
when resizing.
It is worth noting that BUF_MEM_grow_clean() already did this manually by
avoiding realloc().
ok beck@ inoguchi@
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/buffer/buffer.c | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/lib/libcrypto/buffer/buffer.c b/lib/libcrypto/buffer/buffer.c index ddc8f39408e..2e4959a58d6 100644 --- a/lib/libcrypto/buffer/buffer.c +++ b/lib/libcrypto/buffer/buffer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buffer.c,v 1.23 2017/03/16 13:15:06 jsing Exp $ */ +/* $OpenBSD: buffer.c,v 1.24 2017/03/16 13:29:56 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -105,7 +105,6 @@ BUF_MEM_grow(BUF_MEM *str, size_t len) return (len); } if (str->max >= len) { - memset(&str->data[str->length], 0, len - str->length); str->length = len; return (len); } @@ -115,14 +114,13 @@ BUF_MEM_grow(BUF_MEM *str, size_t len) return 0; } n = (len + 3) / 3 * 4; - ret = realloc(str->data, n); + ret = recallocarray(str->data, str->max, n, 1); if (ret == NULL) { BUFerror(ERR_R_MALLOC_FAILURE); len = 0; } else { str->data = ret; str->max = n; - memset(&str->data[str->length], 0, len - str->length); str->length = len; } return (len); @@ -140,7 +138,6 @@ BUF_MEM_grow_clean(BUF_MEM *str, size_t len) return (len); } if (str->max >= len) { - memset(&str->data[str->length], 0, len - str->length); str->length = len; return (len); } @@ -150,20 +147,13 @@ BUF_MEM_grow_clean(BUF_MEM *str, size_t len) return 0; } n = (len + 3) / 3 * 4; - ret = malloc(n); - /* we're not shrinking - that case returns above */ - if ((ret != NULL) && (str->data != NULL)) { - memcpy(ret, str->data, str->max); - explicit_bzero(str->data, str->max); - free(str->data); - } + ret = recallocarray(str->data, str->max, n, 1); if (ret == NULL) { BUFerror(ERR_R_MALLOC_FAILURE); len = 0; } else { str->data = ret; str->max = n; - memset(&str->data[str->length], 0, len - str->length); str->length = len; } return (len); |