From 23e318bc3fe7526bacb503f5b14da8aee3502871 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Thu, 29 May 2014 21:07:44 +0000 Subject: convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53 potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu --- lib/libcrypto/objects/o_names.c | 3 ++- lib/libcrypto/objects/obj_xref.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/libcrypto/objects') diff --git a/lib/libcrypto/objects/o_names.c b/lib/libcrypto/objects/o_names.c index 196d3ab0a75..169b8ae87da 100644 --- a/lib/libcrypto/objects/o_names.c +++ b/lib/libcrypto/objects/o_names.c @@ -292,7 +292,8 @@ OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg), int n; d.type = type; - d.names = malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names); + d.names = reallocarray(NULL, lh_OBJ_NAME_num_items(names_lh), + sizeof *d.names); d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); diff --git a/lib/libcrypto/objects/obj_xref.c b/lib/libcrypto/objects/obj_xref.c index 25aed74ff11..8e9128efc4b 100644 --- a/lib/libcrypto/objects/obj_xref.c +++ b/lib/libcrypto/objects/obj_xref.c @@ -164,7 +164,7 @@ OBJ_add_sigid(int signid, int dig_id, int pkey_id) sigx_app = sk_nid_triple_new(sigx_cmp); if (!sigx_app) return 0; - ntr = malloc(sizeof(int) * 3); + ntr = reallocarray(NULL, sizeof(int), 3); if (!ntr) return 0; ntr->sign_id = signid; -- cgit v1.2.3