NMU by Michael Stone:

* SECURITY: fix for CAN-2003-0693, buffer allocation error
author: Colin Watson <cjwatson@debian.org> 2003-09-16 13:30:28 +0000
committer: Colin Watson <cjwatson@debian.org> 2003-09-16 13:30:28 +0000
commit: 47db5b41510b70ecfae961d1ead8a9ccf1d6db26 (patch)
tree: b9652281e2f0f87dec5ccbf169a8d0938397fe4c /buffer.c
parent: 201be51a7d1d93a4dbd435e90848ed9b72adedfe (diff)
parent: 854156dd39acbde9b4a47ec0fc54a042ea7358e0 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/buffer.c b/buffer.c
index ad04b267e..983f6bc2f 100644
--- a/buffer.c
+++ b/buffer.c
@@ -69,6 +69,7 @@ buffer_append(Buffer *buffer, const void *data, u_int len)
 void *
 buffer_append_space(Buffer *buffer, u_int len)
 {
+        u_int newlen;
        void *p;
        if (len > 0x100000)
@@ -98,11 +99,12 @@ restart:
                goto restart;
        }
        /* Increase the size of the buffer and retry. */
-        buffer->alloc += len + 32768;
+        newlen = buffer->alloc + len + 32768;
-        if (buffer->alloc > 0xa00000)
+        if (newlen > 0xa00000)
                fatal("buffer_append_space: alloc %u not supported",
-                    buffer->alloc);
+                    newlen);
-        buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+        buffer->buf = xrealloc(buffer->buf, newlen);
+        buffer->alloc = newlen;
        goto restart;
        /* NOTREACHED */
 }
author	Colin Watson <cjwatson@debian.org>	2003-09-16 13:30:28 +0000
committer	Colin Watson <cjwatson@debian.org>	2003-09-16 13:30:28 +0000
commit	47db5b41510b70ecfae961d1ead8a9ccf1d6db26 (patch)
tree	b9652281e2f0f87dec5ccbf169a8d0938397fe4c /buffer.c
parent	201be51a7d1d93a4dbd435e90848ed9b72adedfe (diff)
parent	854156dd39acbde9b4a47ec0fc54a042ea7358e0 (diff)