summaryrefslogtreecommitdiff
path: root/buffer.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2003-09-16 13:30:28 +0000
committerColin Watson <cjwatson@debian.org>2003-09-16 13:30:28 +0000
commit47db5b41510b70ecfae961d1ead8a9ccf1d6db26 (patch)
treeb9652281e2f0f87dec5ccbf169a8d0938397fe4c /buffer.c
parent201be51a7d1d93a4dbd435e90848ed9b72adedfe (diff)
parent854156dd39acbde9b4a47ec0fc54a042ea7358e0 (diff)
NMU by Michael Stone:
* SECURITY: fix for CAN-2003-0693, buffer allocation error
Diffstat (limited to 'buffer.c')
-rw-r--r--buffer.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/buffer.c b/buffer.c
index ad04b267e..983f6bc2f 100644
--- a/buffer.c
+++ b/buffer.c
@@ -69,6 +69,7 @@ buffer_append(Buffer *buffer, const void *data, u_int len)
69void * 69void *
70buffer_append_space(Buffer *buffer, u_int len) 70buffer_append_space(Buffer *buffer, u_int len)
71{ 71{
72 u_int newlen;
72 void *p; 73 void *p;
73 74
74 if (len > 0x100000) 75 if (len > 0x100000)
@@ -98,11 +99,12 @@ restart:
98 goto restart; 99 goto restart;
99 } 100 }
100 /* Increase the size of the buffer and retry. */ 101 /* Increase the size of the buffer and retry. */
101 buffer->alloc += len + 32768; 102 newlen = buffer->alloc + len + 32768;
102 if (buffer->alloc > 0xa00000) 103 if (newlen > 0xa00000)
103 fatal("buffer_append_space: alloc %u not supported", 104 fatal("buffer_append_space: alloc %u not supported",
104 buffer->alloc); 105 newlen);
105 buffer->buf = xrealloc(buffer->buf, buffer->alloc); 106 buffer->buf = xrealloc(buffer->buf, newlen);
107 buffer->alloc = newlen;
106 goto restart; 108 goto restart;
107 /* NOTREACHED */ 109 /* NOTREACHED */
108} 110}