From e76b59f7f7726aef156831251a30ba0de1990bb7 Mon Sep 17 00:00:00 2001 From: Doug Hogan Date: Sat, 11 Oct 2014 04:22:04 +0000 Subject: Userland reallocarray() audit. Avoid potential integer overflow in the size argument of malloc() and realloc() by using reallocarray() to avoid unchecked multiplication. ok deraadt@ --- lib/libc/net/getservent.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/libc/net/getservent.c b/lib/libc/net/getservent.c index 7e3293389d6..dc43da0a8b5 100644 --- a/lib/libc/net/getservent.c +++ b/lib/libc/net/getservent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getservent.c,v 1.13 2014/09/15 06:15:48 guenther Exp $ */ +/* $OpenBSD: getservent.c,v 1.14 2014/10/11 04:22:03 doug Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -122,8 +122,8 @@ again: continue; } if (q == &se->s_aliases[sd->maxaliases - 1]) { - p = realloc(se->s_aliases, - 2 * sd->maxaliases * sizeof(char *)); + p = reallocarray(se->s_aliases, sd->maxaliases, + 2 * sizeof(char *)); if (p == NULL) { serrno = errno; endservent_r(sd); -- cgit v1.2.3