From 92b0729983b8dbba641b2c8ad571493056bc0bd1 Mon Sep 17 00:00:00 2001
From: Doug Hogan <doug@cvs.openbsd.org>
Date: Sat, 11 Oct 2014 02:29:25 +0000
Subject: Userland reallocarray() audit.

Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.

ok deraadt@
---
 usr.sbin/ypserv/yppush/yppush.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr.sbin/ypserv/yppush')

diff --git a/usr.sbin/ypserv/yppush/yppush.c b/usr.sbin/ypserv/yppush/yppush.c
index f4873f702b5..755e24d21da 100644
--- a/usr.sbin/ypserv/yppush/yppush.c
+++ b/usr.sbin/ypserv/yppush/yppush.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: yppush.c,v 1.28 2013/12/04 02:18:05 deraadt Exp $ */
+/*	$OpenBSD: yppush.c,v 1.29 2014/10/11 02:29:24 doug Exp $ */
 
 /*
  * Copyright (c) 1995 Mats O Jansson <moj@stacken.kth.se>
@@ -75,7 +75,7 @@ my_svc_run(void)
 
 	for (;;) {
 		if (svc_max_pollfd > saved_max_pollfd) {
-			newp = realloc(pfd, sizeof(*pfd) * svc_max_pollfd);
+			newp = reallocarray(pfd, svc_max_pollfd, sizeof(*pfd));
 			if (newp == NULL) {
 				free(pfd);
 				perror("svc_run: - realloc failed");
-- 
cgit v1.2.3