diff options
| author | Damien Miller <djm@mindrot.org> | 2006-03-26 14:22:47 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2006-03-26 14:22:47 +1100 |
| commit | 36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch) | |
| tree | 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /ssh-agent.c | |
| parent | 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff) | |
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 67bde5560..042b18f54 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -803,7 +803,7 @@ new_socket(sock_type type, int fd) | |||
| 803 | } | 803 | } |
| 804 | old_alloc = sockets_alloc; | 804 | old_alloc = sockets_alloc; |
| 805 | new_alloc = sockets_alloc + 10; | 805 | new_alloc = sockets_alloc + 10; |
| 806 | sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0])); | 806 | sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0])); |
| 807 | for (i = old_alloc; i < new_alloc; i++) | 807 | for (i = old_alloc; i < new_alloc; i++) |
| 808 | sockets[i].type = AUTH_UNUSED; | 808 | sockets[i].type = AUTH_UNUSED; |
| 809 | sockets_alloc = new_alloc; | 809 | sockets_alloc = new_alloc; |