- djm@cvs.openbsd.org 2006/03/25 01:13:23 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@

commit: 36812092ecb11a25ca9d6d87fdeaf53e371c5043 [log] [tgz]
author: Damien Miller <djm@mindrot.org> Sun Mar 26 14:22:47 2006 +1100
committer: Damien Miller <djm@mindrot.org> Sun Mar 26 14:22:47 2006 +1100
tree: 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5
parent: 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 [diff] [blame]
diff --git a/ssh-agent.c b/ssh-agent.c
index 67bde55..042b18f 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c

@@ -803,7 +803,7 @@
 		}
 	old_alloc = sockets_alloc;
 	new_alloc = sockets_alloc + 10;
-	sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+	sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0]));
 	for (i = old_alloc; i < new_alloc; i++)
 		sockets[i].type = AUTH_UNUSED;
 	sockets_alloc = new_alloc;
commit	36812092ecb11a25ca9d6d87fdeaf53e371c5043	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Sun Mar 26 14:22:47 2006 +1100
committer	Damien Miller <djm@mindrot.org>	Sun Mar 26 14:22:47 2006 +1100
tree	257ccc18998146f7f6e6c25cbb0ff9bd6de946a5
parent	07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 [diff] [blame]