- djm@cvs.openbsd.org 2006/03/25 01:13:23

[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
author: Damien Miller <djm@mindrot.org> 2006-03-26 14:22:47 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-26 14:22:47 +1100
commit: 36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree: 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /ssh-rand-helper.c
parent: 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index bdf73ec48..662f70080 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -768,7 +768,7 @@ prng_read_commands(char *cmdfilename)
                 */
                if (cur_cmd == num_cmds) {
                        num_cmds *= 2;
-                        entcmd = xrealloc(entcmd, num_cmds *
+                        entcmd = xrealloc(entcmd, num_cmds,
                            sizeof(entropy_cmd_t));
                }
        }
@@ -777,7 +777,7 @@ prng_read_commands(char *cmdfilename)
        memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t));
        /* trim to size */
-        entropy_cmds = xrealloc(entcmd, (cur_cmd + 1) *
+        entropy_cmds = xrealloc(entcmd, (cur_cmd + 1),
            sizeof(entropy_cmd_t));
        debug("Loaded %d entropy commands from %.100s", cur_cmd,
author	Damien Miller <djm@mindrot.org>	2006-03-26 14:22:47 +1100
committer	Damien Miller <djm@mindrot.org>	2006-03-26 14:22:47 +1100
commit	36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree	257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /ssh-rand-helper.c
parent	07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff)

diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index bdf73ec48..662f70080 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c
@@ -768,7 +768,7 @@ prng_read_commands(char *cmdfilename)
768	*/	768	*/
769	if (cur_cmd == num_cmds) {	769	if (cur_cmd == num_cmds) {
770	num_cmds *= 2;	770	num_cmds *= 2;
771	entcmd = xrealloc(entcmd, num_cmds *	771	entcmd = xrealloc(entcmd, num_cmds,
772	sizeof(entropy_cmd_t));	772	sizeof(entropy_cmd_t));
773	}	773	}
774	}	774	}
@@ -777,7 +777,7 @@ prng_read_commands(char *cmdfilename)
777	memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t));	777	memset(&entcmd[cur_cmd], '\0', sizeof(entropy_cmd_t));
778		778
779	/* trim to size */	779	/* trim to size */
780	entropy_cmds = xrealloc(entcmd, (cur_cmd + 1) *	780	entropy_cmds = xrealloc(entcmd, (cur_cmd + 1),
781	sizeof(entropy_cmd_t));	781	sizeof(entropy_cmd_t));
782		782
783	debug("Loaded %d entropy commands from %.100s", cur_cmd,	783	debug("Loaded %d entropy commands from %.100s", cur_cmd,