From 9a8aaa01f21a60e2f5f372b9722e363b36254df9 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sat, 25 Mar 2006 01:13:24 +0000
Subject: change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
---
 usr.bin/ssh/sftp-server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr.bin/ssh/sftp-server.c')
diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
index 7ea3eda68c2..d2827204585 100644
--- a/usr.bin/ssh/sftp-server.c
+++ b/usr.bin/ssh/sftp-server.c
@@ -700,7 +700,7 @@ process_readdir(void)
 while ((dp = readdir(dirp)) != NULL) {
 if (count >= nstats) {
 nstats *= 2;
- stats = xrealloc(stats, nstats * sizeof(Stat));
+ stats = xrealloc(stats, nstats, sizeof(Stat));
 }
 /* XXX OVERFLOW ? */
 snprintf(pathname, sizeof pathname, "%s%s%s", path,
-- cgit v1.2.3
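Review bot: The doubling `nstats *= 2;` directly above the changed call is still unchecked, so the overflow protection the description attributes to the three-argument xrealloc() covers only the count-times-size product, not the growth of the count itself. nstats is declared outside this hunk; if it is a signed int, a wrap during doubling is undefined behaviour before xrealloc() ever sees the value, although memory would probably run out first in practice. A guard ahead of the doubling would make the bound explicit, for example `if (nstats > INT_MAX / 2) fatal("process_readdir: too many entries");` (the message text is constructed here, and the limit should match the declared type). The neighbouring `/* XXX OVERFLOW ? */` comment would also benefit from naming what it refers to, presumably the unchecked snprintf() into pathname, whose call continues past the end of the hunk.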