authorDamien Miller <djm@mindrot.org>2006-03-26 14:22:47 +1100
committerDamien Miller <djm@mindrot.org>2006-03-26 14:22:47 +1100
commit36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /scp.c
parent07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff)
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
Diffstat (limited to 'scp.c')
-rw-r--r--scp.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/scp.c b/scp.c
index bf9db97cf..3068b8d32 100644
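--- a/scp.c
+++ b/scp.c
@@ -1190,7 +1190,7 @@ allocbuf(BUF *bp, int fd, int blksize)
 if (bp->buf == NULL)
 bp->buf = xmalloc(size);
 else
-bp->buf = xrealloc(bp->buf, size);
+bp->buf = xrealloc(bp->buf, 1, size);
 memset(bp->buf, 0, size);
 bp->cnt = size;
 return (bp);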
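Review bot: With `1` as the member count at line 1193, the `nmemb * size` overflow check that the commit message describes for xrealloc() can never trigger at this call site, so the safer API adds no protection here. Any wraparound would have to occur where `size` is computed from `blksize`, which is above the hunk and not visible; that arithmetic is worth checking separately. I would note this at the call with a comment such as `/* nmemb is 1: the overflow check in xrealloc() does not cover how size was computed above */`. As a style point, the `memset(bp->buf, 0, size)` on the next line overwrites the whole buffer, so the contents xrealloc() preserves are discarded anyway. allocbuf() starts and ends outside the hunk.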