From 36812092ecb11a25ca9d6d87fdeaf53e371c5043 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 26 Mar 2006 14:22:47 +1100
Subject:    - djm@cvs.openbsd.org 2006/03/25 01:13:23      [buffer.c
 channels.c deattack.c misc.c scp.c session.c sftp-client.c]     
 [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]     
 [uidswap.c]      change OpenSSH's xrealloc() function from being xrealloc(p,
 new_size)      to xrealloc(p, new_nmemb, new_itemsize).

     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@
---
 ChangeLog | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 20d034a6e..9d129a183 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -118,6 +118,16 @@
      to die
 
      feedback and ok deraadt@
+   - djm@cvs.openbsd.org 2006/03/25 01:13:23
+     [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
+     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
+     [uidswap.c]
+     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
+     to xrealloc(p, new_nmemb, new_itemsize).
+
+     realloc is particularly prone to integer overflows because it is
+     almost always allocating "n * size" bytes, so this is a far safer 
+     API; ok deraadt@
 
 20060325
  - OpenBSD CVS Sync
@@ -4375,4 +4385,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4273 2006/03/26 03:19:21 djm Exp $
+$Id: ChangeLog,v 1.4274 2006/03/26 03:22:47 djm Exp $
-- 
cgit v1.2.3