diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2012-04-06 20:54:42 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2012-04-06 20:54:42 +0000 |
| commit | b2b998c5936422a90303bf3a299560789c46460c (patch) | |
| tree | 4f3184f0f19826557d42330cfd8016cf42601381 /lib | |
| parent | 696d29a5dba4edea7297711b2bb1d588a2c2feb4 (diff) | |
range check st_size before calling calloc()
ok millert
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/gen/getusershell.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/libc/gen/getusershell.c b/lib/libc/gen/getusershell.c index 200c78c66bc..4d6a178addf 100644 --- a/lib/libc/gen/getusershell.c +++ b/lib/libc/gen/getusershell.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getusershell.c,v 1.8 2005/08/08 08:05:34 espie Exp $ */ +/* $OpenBSD: getusershell.c,v 1.9 2012/04/06 20:54:41 deraadt Exp $ */ /* * Copyright (c) 1985, 1993 * The Regents of the University of California. All rights reserved. @@ -101,11 +101,15 @@ initshells(void) (void)fclose(fp); return (okshells); } - if ((strings = malloc((u_int)statb.st_size)) == NULL) { + if (statb.st_size > SIZE_T_MAX) { (void)fclose(fp); return (okshells); } - shells = calloc((unsigned)statb.st_size / 3, sizeof (char *)); + if ((strings = malloc((size_t)statb.st_size)) == NULL) { + (void)fclose(fp); + return (okshells); + } + shells = calloc((size_t)(statb.st_size / 3), sizeof (char *)); if (shells == NULL) { (void)fclose(fp); free(strings); |