convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53

potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
author: deraadt <> 2014-05-29 21:07:43 +0000
committer: deraadt <> 2014-05-29 21:07:43 +0000
commit: 3d662abca6b2a7f5bc9108b036434d61fcdb6e53 (patch)
tree: d5fe0c330801f3e72c7b588264c6027636db4330 /src/lib/libcrypto/srp/srp_vfy.c
parent: d205a2aecb99564cccfbea61c39ebe3b0ddd7fb7 (diff)
download: openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.gz
openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.bz2
openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c
index de7dbe5bbd..6ad80ef992 100644
--- a/src/lib/libcrypto/srp/srp_vfy.c
+++ b/src/lib/libcrypto/srp/srp_vfy.c
@@ -573,7 +573,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
        if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
        BN_bn2bin(v,tmp);
-        if (((vf = malloc(BN_num_bytes(v)*2)) == NULL))
+        if (((vf = reallocarray(NULL, BN_num_bytes(v), 2)) == NULL))
                goto err;
        t_tob64(vf, tmp, BN_num_bytes(v));
@@ -582,7 +582,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                {
                char *tmp_salt;
-                if ((tmp_salt = malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+                if ((tmp_salt = reallocarray(NULL, SRP_RANDOM_SALT_LEN, 2)) == NULL)
                        {
                        free(vf);
                        goto err;
author	deraadt <>	2014-05-29 21:07:43 +0000
committer	deraadt <>	2014-05-29 21:07:43 +0000
commit	3d662abca6b2a7f5bc9108b036434d61fcdb6e53 (patch)
tree	d5fe0c330801f3e72c7b588264c6027636db4330 /src/lib/libcrypto/srp/srp_vfy.c
parent	d205a2aecb99564cccfbea61c39ebe3b0ddd7fb7 (diff)
download	openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.gz openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.bz2 openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.zip

diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c index de7dbe5bbd..6ad80ef992 100644 --- a/src/lib/libcrypto/srp/srp_vfy.c +++ b/src/lib/libcrypto/srp/srp_vfy.c
@@ -573,7 +573,7 @@ char SRP_create_verifier(const char user, const char pass, char *salt,
573	if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;	573	if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
574		574
575	BN_bn2bin(v,tmp);	575	BN_bn2bin(v,tmp);
576	if (((vf = malloc(BN_num_bytes(v)*2)) == NULL))	576	if (((vf = reallocarray(NULL, BN_num_bytes(v), 2)) == NULL))
577	goto err;	577	goto err;
578	t_tob64(vf, tmp, BN_num_bytes(v));	578	t_tob64(vf, tmp, BN_num_bytes(v));
579		579
@@ -582,7 +582,7 @@ char SRP_create_verifier(const char user, const char pass, char *salt,
582	{	582	{
583	char *tmp_salt;	583	char *tmp_salt;
584		584
585	if ((tmp_salt = malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)	585	if ((tmp_salt = reallocarray(NULL, SRP_RANDOM_SALT_LEN, 2)) == NULL)
586	{	586	{
587	free(vf);	587	free(vf);
588	goto err;	588	goto err;