convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53

potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be.  checks for an allocations
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu

5 files changed, 20 insertions, 13 deletions

diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index c0525c4940..b3bd34d82d 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -425,11 +425,11 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         }
         totalnum = num + numblocks;
 
-        wsize = malloc(totalnum * sizeof wsize[0]);
-        wNAF_len = malloc(totalnum * sizeof wNAF_len[0]);
-        wNAF = malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for
-                                                         * pivot */
-        val_sub = malloc(totalnum * sizeof val_sub[0]);
+        wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
+        wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
+        /* includes space for pivot */
+        wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
+        val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
 
         if (!wsize || !wNAF_len || !wNAF || !val_sub) {
                 ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
@@ -573,7 +573,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
          * to a subarray of 'pre_comp->points' if we already have
          * precomputation.
          */
-        val = malloc((num_val + 1) * sizeof val[0]);
+        val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
         if (val == NULL) {
                 ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
                 goto err;
@@ -790,7 +790,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
         num = pre_points_per_block * numblocks; /* number of points to
                                                  * compute and store */
 
-        points = malloc(sizeof(EC_POINT *) * (num + 1));
+        points = reallocarray(NULL, sizeof(EC_POINT *), (num + 1));
         if (!points) {
                 ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
                 goto err;
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 53aced54d5..6e9b9fac3c 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1438,7 +1438,8 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                 secrets = calloc(num_points, sizeof(felem_bytearray));
                 pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
                 if (mixed)
-                        tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem));
+                        tmp_felems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(felem));
                 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
                         ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                         goto err;
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index df80cc2b8a..b2398e106c 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1987,8 +1987,11 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                 }
                 secrets = calloc(num_points, sizeof(felem_bytearray));
                 pre_comp = calloc(num_points, 17 * 3 * sizeof(smallfelem));
-                if (mixed)
-                        tmp_smallfelems = malloc((num_points * 17 + 1) * sizeof(smallfelem));
+                if (mixed) {
+                        /* XXX should do more int overflow checking */
+                        tmp_smallfelems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(smallfelem));
+                }
                 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) {
                         ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                         goto err;
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index 6792c5b71d..083e017cdc 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1874,8 +1874,11 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                 }
                 secrets = calloc(num_points, sizeof(felem_bytearray));
                 pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
-                if (mixed)
-                        tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem));
+                if (mixed) {
+                        /* XXX should do more int overflow checking */
+                        tmp_felems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(felem));
+                }
                 if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
                         ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                         goto err;
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index b87410120d..46783a47a8 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1257,7 +1257,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
          */
         pow2 <<= 1;
 
-        heap = malloc(pow2 * sizeof heap[0]);
+        heap = reallocarray(NULL, pow2, sizeof heap[0]);
         if (heap == NULL)
                 goto err;