diff options
author | Damien Miller <djm@mindrot.org> | 2006-03-26 14:22:47 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-03-26 14:22:47 +1100 |
commit | 36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch) | |
tree | 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /sftp-client.c | |
parent | 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff) |
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
Diffstat (limited to 'sftp-client.c')
-rw-r--r-- | sftp-client.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sftp-client.c b/sftp-client.c index c34f919a4..8b4d67b58 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -393,8 +393,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
393 | printf("%s\n", longname); | 393 | printf("%s\n", longname); |
394 | 394 | ||
395 | if (dir) { | 395 | if (dir) { |
396 | *dir = xrealloc(*dir, sizeof(**dir) * | 396 | *dir = xrealloc(*dir, ents + 2, sizeof(**dir)); |
397 | (ents + 2)); | ||
398 | (*dir)[ents] = xmalloc(sizeof(***dir)); | 397 | (*dir)[ents] = xmalloc(sizeof(***dir)); |
399 | (*dir)[ents]->filename = xstrdup(filename); | 398 | (*dir)[ents]->filename = xstrdup(filename); |
400 | (*dir)[ents]->longname = xstrdup(longname); | 399 | (*dir)[ents]->longname = xstrdup(longname); |