- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
diff --git a/ssh-agent.c b/ssh-agent.c
index 67bde55..042b18f 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -803,7 +803,7 @@
}
old_alloc = sockets_alloc;
new_alloc = sockets_alloc + 10;
- sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+ sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0]));
for (i = old_alloc; i < new_alloc; i++)
sockets[i].type = AUTH_UNUSED;
sockets_alloc = new_alloc;