convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53

potential integer overflows easily changed into an allocation return
of NULL, with errno nicely set if need be.  checks for an allocations
returning NULL are commonplace, or if the object is dereferenced
(quite normal) will result in a nice fault which can be detected &
repaired properly.
ok tedu

2 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c
index a3a67eda2e..77e2c2c2f2 100644
--- a/src/lib/libcrypto/srp/srp_lib.c
+++ b/src/lib/libcrypto/srp/srp_lib.c
@@ -121,7 +121,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
 
         longN= BN_num_bytes(N);
 
-        if ((cAB = malloc(2*longN)) == NULL) 
+        if ((cAB = reallocarray(NULL, 2, longN)) == NULL) 
                 return NULL;
 
         memset(cAB, 0, longN);
diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c
index de7dbe5bbd..6ad80ef992 100644
--- a/src/lib/libcrypto/srp/srp_vfy.c
+++ b/src/lib/libcrypto/srp/srp_vfy.c
@@ -573,7 +573,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
         if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
 
         BN_bn2bin(v,tmp);
-        if (((vf = malloc(BN_num_bytes(v)*2)) == NULL))
+        if (((vf = reallocarray(NULL, BN_num_bytes(v), 2)) == NULL))
                 goto err;
         t_tob64(vf, tmp, BN_num_bytes(v));
 
@@ -582,7 +582,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                 {
                 char *tmp_salt;
 
-                if ((tmp_salt = malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+                if ((tmp_salt = reallocarray(NULL, SRP_RANDOM_SALT_LEN, 2)) == NULL)
                         {
                         free(vf);
                         goto err;