convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53

potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
author: deraadt <> 2014-05-29 21:07:43 +0000
committer: deraadt <> 2014-05-29 21:07:43 +0000
commit: 3d662abca6b2a7f5bc9108b036434d61fcdb6e53 (patch)
tree: d5fe0c330801f3e72c7b588264c6027636db4330 /src/lib/libcrypto/bn
parent: d205a2aecb99564cccfbea61c39ebe3b0ddd7fb7 (diff)
download: openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.gz
openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.bz2
openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.zip
4 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index 7407dade50..2368e25183 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -349,8 +349,8 @@ BN_STACK_push(BN_STACK *st, unsigned int idx)
        {
                unsigned int newsize = (st->size ?
                    (st->size * 3 / 2) : BN_CTX_START_FRAMES);
-                unsigned int *newitems = malloc(newsize *
+                unsigned int *newitems = reallocarray(NULL,
-                    sizeof(unsigned int));
+                    newsize, sizeof(unsigned int));
                if (!newitems)
                        return 0;
                if (st->depth)
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 4000fb8733..4bd50924d3 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -547,7 +547,7 @@ BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -609,7 +609,7 @@ BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1037,7 +1037,7 @@ BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1099,7 +1099,7 @@ BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        int *arr = NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1234,7 +1234,7 @@ BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index a3a96662e8..28489f8181 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -245,7 +245,7 @@ BN_new(void)
 {
        BIGNUM *ret;
-        if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {
+        if ((ret = malloc(sizeof(BIGNUM))) == NULL) {
                BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
                return (NULL);
        }
@@ -278,7 +278,7 @@ bn_expand_internal(const BIGNUM *b, int words)
                    BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
                return (NULL);
        }
-        a = A = (BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
+        a = A = reallocarray(NULL, sizeof(BN_ULONG), words);
        if (A == NULL) {
                BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
                return (NULL);
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 3a0fb25369..ea5fa5c3da 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -116,7 +116,7 @@ BN_bn2dec(const BIGNUM *a)
         */
        i = BN_num_bits(a) * 3;
        num = (i / 10 + i / 1000 + 1) + 1;
-        bn_data = (BN_ULONG *)malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+        bn_data = reallocarray(NULL, num / BN_DEC_NUM + 1, sizeof(BN_ULONG));
        buf = (char *)malloc(num + 3);
        if ((buf == NULL) || (bn_data == NULL)) {
                BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
author	deraadt <>	2014-05-29 21:07:43 +0000
committer	deraadt <>	2014-05-29 21:07:43 +0000
commit	3d662abca6b2a7f5bc9108b036434d61fcdb6e53 (patch)
tree	d5fe0c330801f3e72c7b588264c6027636db4330 /src/lib/libcrypto/bn
parent	d205a2aecb99564cccfbea61c39ebe3b0ddd7fb7 (diff)
download	openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.gz openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.bz2 openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.zip

diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c index 7407dade50..2368e25183 100644 --- a/src/lib/libcrypto/bn/bn_ctx.c +++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -349,8 +349,8 @@ BN_STACK_push(BN_STACK *st, unsigned int idx)
349	{	349	{
350	unsigned int newsize = (st->size ?	350	unsigned int newsize = (st->size ?
351	(st->size * 3 / 2) : BN_CTX_START_FRAMES);	351	(st->size * 3 / 2) : BN_CTX_START_FRAMES);
352	unsigned int newitems = malloc(newsize	352	unsigned int *newitems = reallocarray(NULL,
353	sizeof(unsigned int));	353	newsize, sizeof(unsigned int));
354	if (!newitems)	354	if (!newitems)
355	return 0;	355	return 0;
356	if (st->depth)	356	if (st->depth)


diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c index 4000fb8733..4bd50924d3 100644 --- a/src/lib/libcrypto/bn/bn_gf2m.c +++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -547,7 +547,7 @@ BN_GF2m_mod_mul(BIGNUM r, const BIGNUM a, const BIGNUM b, const BIGNUM p,
547	bn_check_top(a);	547	bn_check_top(a);
548	bn_check_top(b);	548	bn_check_top(b);
549	bn_check_top(p);	549	bn_check_top(p);
550	if ((arr = (int )malloc(sizeof(int) max)) == NULL)	550	if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
551	goto err;	551	goto err;
552	ret = BN_GF2m_poly2arr(p, arr, max);	552	ret = BN_GF2m_poly2arr(p, arr, max);
553	if (!ret \|\| ret > max) {	553	if (!ret \|\| ret > max) {
@@ -609,7 +609,7 @@ BN_GF2m_mod_sqr(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
609		609
610	bn_check_top(a);	610	bn_check_top(a);
611	bn_check_top(p);	611	bn_check_top(p);
612	if ((arr = (int )malloc(sizeof(int) max)) == NULL)	612	if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
613	goto err;	613	goto err;
614	ret = BN_GF2m_poly2arr(p, arr, max);	614	ret = BN_GF2m_poly2arr(p, arr, max);
615	if (!ret \|\| ret > max) {	615	if (!ret \|\| ret > max) {
@@ -1037,7 +1037,7 @@ BN_GF2m_mod_exp(BIGNUM r, const BIGNUM a, const BIGNUM b, const BIGNUM p,
1037	bn_check_top(a);	1037	bn_check_top(a);
1038	bn_check_top(b);	1038	bn_check_top(b);
1039	bn_check_top(p);	1039	bn_check_top(p);
1040	if ((arr = (int )malloc(sizeof(int) max)) == NULL)	1040	if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
1041	goto err;	1041	goto err;
1042	ret = BN_GF2m_poly2arr(p, arr, max);	1042	ret = BN_GF2m_poly2arr(p, arr, max);
1043	if (!ret \|\| ret > max) {	1043	if (!ret \|\| ret > max) {
@@ -1099,7 +1099,7 @@ BN_GF2m_mod_sqrt(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
1099	int *arr = NULL;	1099	int *arr = NULL;
1100	bn_check_top(a);	1100	bn_check_top(a);
1101	bn_check_top(p);	1101	bn_check_top(p);
1102	if ((arr = (int )malloc(sizeof(int) max)) == NULL)	1102	if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
1103	goto err;	1103	goto err;
1104	ret = BN_GF2m_poly2arr(p, arr, max);	1104	ret = BN_GF2m_poly2arr(p, arr, max);
1105	if (!ret \|\| ret > max) {	1105	if (!ret \|\| ret > max) {
@@ -1234,7 +1234,7 @@ BN_GF2m_mod_solve_quad(BIGNUM r, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
1234		1234
1235	bn_check_top(a);	1235	bn_check_top(a);
1236	bn_check_top(p);	1236	bn_check_top(p);
1237	if ((arr = (int )malloc(sizeof(int) max)) == NULL)	1237	if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
1238	goto err;	1238	goto err;
1239	ret = BN_GF2m_poly2arr(p, arr, max);	1239	ret = BN_GF2m_poly2arr(p, arr, max);
1240	if (!ret \|\| ret > max) {	1240	if (!ret \|\| ret > max) {


diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c index a3a96662e8..28489f8181 100644 --- a/src/lib/libcrypto/bn/bn_lib.c +++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -245,7 +245,7 @@ BN_new(void)
245	{	245	{
246	BIGNUM *ret;	246	BIGNUM *ret;
247		247
248	if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {	248	if ((ret = malloc(sizeof(BIGNUM))) == NULL) {
249	BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);	249	BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
250	return (NULL);	250	return (NULL);
251	}	251	}
@@ -278,7 +278,7 @@ bn_expand_internal(const BIGNUM *b, int words)
278	BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);	278	BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
279	return (NULL);	279	return (NULL);
280	}	280	}
281	a = A = (BN_ULONG )malloc(sizeof(BN_ULONG)words);	281	a = A = reallocarray(NULL, sizeof(BN_ULONG), words);
282	if (A == NULL) {	282	if (A == NULL) {
283	BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);	283	BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
284	return (NULL);	284	return (NULL);


diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c index 3a0fb25369..ea5fa5c3da 100644 --- a/src/lib/libcrypto/bn/bn_print.c +++ b/src/lib/libcrypto/bn/bn_print.c
@@ -116,7 +116,7 @@ BN_bn2dec(const BIGNUM *a)
116	*/	116	*/
117	i = BN_num_bits(a) * 3;	117	i = BN_num_bits(a) * 3;
118	num = (i / 10 + i / 1000 + 1) + 1;	118	num = (i / 10 + i / 1000 + 1) + 1;
119	bn_data = (BN_ULONG )malloc((num / BN_DEC_NUM + 1) sizeof(BN_ULONG));	119	bn_data = reallocarray(NULL, num / BN_DEC_NUM + 1, sizeof(BN_ULONG));
120	buf = (char *)malloc(num + 3);	120	buf = (char *)malloc(num + 3);
121	if ((buf == NULL) \|\| (bn_data == NULL)) {	121	if ((buf == NULL) \|\| (bn_data == NULL)) {
122	BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);	122	BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);