use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg

author: deraadt <> 2007-09-02 15:19:18 +0000
committer: deraadt <> 2007-09-02 15:19:18 +0000
commit: 4dce4206f0cafd0811f23aedc04a436aa9d145c1 (patch)
tree: 9bdb3d7b5724b183b1a397bf8f071fac1f056834 /src/lib
parent: 7c27b50830c6058e8a7d8f2a3398c9c2f429b9f4 (diff)
download: openbsd-4dce4206f0cafd0811f23aedc04a436aa9d145c1.tar.gz
openbsd-4dce4206f0cafd0811f23aedc04a436aa9d145c1.tar.bz2
openbsd-4dce4206f0cafd0811f23aedc04a436aa9d145c1.zip
6 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libc/net/getprotoent.c b/src/lib/libc/net/getprotoent.c
index 7c6ab68166..f0705e0765 100644
--- a/src/lib/libc/net/getprotoent.c
+++ b/src/lib/libc/net/getprotoent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: getprotoent.c,v 1.9 2006/01/17 15:41:52 millert Exp $ */
+/*      $OpenBSD: getprotoent.c,v 1.10 2007/09/02 15:19:17 deraadt Exp $ */
 /*
 * Copyright (c) 1983, 1993
 *      The Regents of the University of California.  All rights reserved.
@@ -102,7 +102,7 @@ again:
        pe->p_proto = l;
        if (pd->aliases == NULL) {
                pd->maxaliases = 5;
-                pd->aliases = malloc(pd->maxaliases * sizeof(char *));
+                pd->aliases = calloc(pd->maxaliases, sizeof(char *));
                if (pd->aliases == NULL) {
                        serrno = errno;
                        endprotoent_r(pd);
diff --git a/src/lib/libc/net/getservent.c b/src/lib/libc/net/getservent.c
index ab916b8e80..c81a4cf3e2 100644
--- a/src/lib/libc/net/getservent.c
+++ b/src/lib/libc/net/getservent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: getservent.c,v 1.11 2006/01/17 15:41:52 millert Exp $ */
+/*      $OpenBSD: getservent.c,v 1.12 2007/09/02 15:19:17 deraadt Exp $ */
 /*
 * Copyright (c) 1983, 1993
 *      The Regents of the University of California.  All rights reserved.
@@ -104,7 +104,7 @@ again:
        se->s_proto = cp;
        if (sd->aliases == NULL) {
                sd->maxaliases = 10;
-                sd->aliases = malloc(sd->maxaliases * sizeof(char *));
+                sd->aliases = calloc(sd->maxaliases, sizeof(char *));
                if (sd->aliases == NULL) {
                        serrno = errno;
                        endservent_r(sd);
diff --git a/src/lib/libc/net/rcmdsh.c b/src/lib/libc/net/rcmdsh.c
index 34a228d1e9..a472162711 100644
--- a/src/lib/libc/net/rcmdsh.c
+++ b/src/lib/libc/net/rcmdsh.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: rcmdsh.c,v 1.11 2005/08/06 20:30:03 espie Exp $       */ 
+/*      $OpenBSD: rcmdsh.c,v 1.12 2007/09/02 15:19:17 deraadt Exp $     */ 
 /*
 * Copyright (c) 2001, MagniComp
@@ -151,7 +151,7 @@ rcmdsh(char **ahost, int rport, const char *locuser, const char *remuser,
                        for (n = 7; (p = strchr(++p, ' ')) != NULL; n++)
                                continue;
                        rshprog = strdup(rshprog);
-                        ap = argv = malloc(sizeof(char *) * n);
+                        ap = argv = calloc(sizeof(char *), n);
                        if (rshprog == NULL || argv == NULL) {
                                perror("rcmdsh");
                                _exit(255);
diff --git a/src/lib/libc/stdlib/hcreate.c b/src/lib/libc/stdlib/hcreate.c
index f8df1bcd7c..094f32c173 100644
--- a/src/lib/libc/stdlib/hcreate.c
+++ b/src/lib/libc/stdlib/hcreate.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: hcreate.c,v 1.3 2005/10/10 17:37:44 espie Exp $       */
+/*      $OpenBSD: hcreate.c,v 1.4 2007/09/02 15:19:17 deraadt Exp $     */
 /*      $NetBSD: hcreate.c,v 1.5 2004/04/23 02:48:12 simonb Exp $       */
 /*
@@ -117,7 +117,7 @@ hcreate(size_t nel)
        
        /* Allocate the table. */
        htablesize = nel;
-        htable = malloc(htablesize * sizeof htable[0]);
+        htable = calloc(htablesize, sizeof htable[0]);
        if (htable == NULL) {
                errno = ENOMEM;
                return 0;
diff --git a/src/lib/libc/stdlib/radixsort.c b/src/lib/libc/stdlib/radixsort.c
index 0b2ff27044..49d03b52d5 100644
--- a/src/lib/libc/stdlib/radixsort.c
+++ b/src/lib/libc/stdlib/radixsort.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: radixsort.c,v 1.8 2005/08/08 08:05:37 espie Exp $ */
+/*      $OpenBSD: radixsort.c,v 1.9 2007/09/02 15:19:17 deraadt Exp $ */
 /*-
 * Copyright (c) 1990, 1993
 *      The Regents of the University of California.  All rights reserved.
@@ -104,7 +104,7 @@ sradixsort(const u_char **a, int n, const u_char *tab, u_int endch)
        if (n < THRESHOLD)
                simplesort(a, n, 0, tr, endch);
        else {
-                if ((ta = malloc(n * sizeof(a))) == NULL)
+                if ((ta = calloc(n, sizeof(a))) == NULL)
                        return (-1);
                r_sort_b(a, ta, n, 0, tr, endch);
                free(ta);
diff --git a/src/lib/libc/string/bm.c b/src/lib/libc/string/bm.c
index 829c24082e..2c4c6ca720 100644
--- a/src/lib/libc/string/bm.c
+++ b/src/lib/libc/string/bm.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bm.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */
+/*      $OpenBSD: bm.c,v 1.7 2007/09/02 15:19:18 deraadt Exp $ */
 /*-
 * Copyright (c) 1994
 *      The Regents of the University of California.  All rights reserved.
@@ -104,7 +104,7 @@ bm_comp(u_char const *pb, size_t len, u_char const *freq)
                goto mem;
        memcpy(pat->pat, pb, pat->patlen);
                                                /* get skip delta */
-        if ((pat->delta = malloc(256 * sizeof(*d))) == NULL)
+        if ((pat->delta = calloc(256, sizeof(*d))) == NULL)
                goto mem;
        for (j = 0, d = pat->delta; j < 256; j++)
                d[j] = pat->patlen;
author	deraadt <>	2007-09-02 15:19:18 +0000
committer	deraadt <>	2007-09-02 15:19:18 +0000
commit	4dce4206f0cafd0811f23aedc04a436aa9d145c1 (patch)
tree	9bdb3d7b5724b183b1a397bf8f071fac1f056834 /src/lib
parent	7c27b50830c6058e8a7d8f2a3398c9c2f429b9f4 (diff)
download	openbsd-4dce4206f0cafd0811f23aedc04a436aa9d145c1.tar.gz openbsd-4dce4206f0cafd0811f23aedc04a436aa9d145c1.tar.bz2 openbsd-4dce4206f0cafd0811f23aedc04a436aa9d145c1.zip

diff --git a/src/lib/libc/net/getprotoent.c b/src/lib/libc/net/getprotoent.c index 7c6ab68166..f0705e0765 100644 --- a/src/lib/libc/net/getprotoent.c +++ b/src/lib/libc/net/getprotoent.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: getprotoent.c,v 1.9 2006/01/17 15:41:52 millert Exp $ */	1	/* $OpenBSD: getprotoent.c,v 1.10 2007/09/02 15:19:17 deraadt Exp $ */
2	/*	2	/*
3	* Copyright (c) 1983, 1993	3	* Copyright (c) 1983, 1993
4	* The Regents of the University of California. All rights reserved.	4	* The Regents of the University of California. All rights reserved.
@@ -102,7 +102,7 @@ again:
102	pe->p_proto = l;	102	pe->p_proto = l;
103	if (pd->aliases == NULL) {	103	if (pd->aliases == NULL) {
104	pd->maxaliases = 5;	104	pd->maxaliases = 5;
105	pd->aliases = malloc(pd->maxaliases * sizeof(char *));	105	pd->aliases = calloc(pd->maxaliases, sizeof(char *));
106	if (pd->aliases == NULL) {	106	if (pd->aliases == NULL) {
107	serrno = errno;	107	serrno = errno;
108	endprotoent_r(pd);	108	endprotoent_r(pd);


diff --git a/src/lib/libc/net/getservent.c b/src/lib/libc/net/getservent.c index ab916b8e80..c81a4cf3e2 100644 --- a/src/lib/libc/net/getservent.c +++ b/src/lib/libc/net/getservent.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: getservent.c,v 1.11 2006/01/17 15:41:52 millert Exp $ */	1	/* $OpenBSD: getservent.c,v 1.12 2007/09/02 15:19:17 deraadt Exp $ */
2	/*	2	/*
3	* Copyright (c) 1983, 1993	3	* Copyright (c) 1983, 1993
4	* The Regents of the University of California. All rights reserved.	4	* The Regents of the University of California. All rights reserved.
@@ -104,7 +104,7 @@ again:
104	se->s_proto = cp;	104	se->s_proto = cp;
105	if (sd->aliases == NULL) {	105	if (sd->aliases == NULL) {
106	sd->maxaliases = 10;	106	sd->maxaliases = 10;
107	sd->aliases = malloc(sd->maxaliases * sizeof(char *));	107	sd->aliases = calloc(sd->maxaliases, sizeof(char *));
108	if (sd->aliases == NULL) {	108	if (sd->aliases == NULL) {
109	serrno = errno;	109	serrno = errno;
110	endservent_r(sd);	110	endservent_r(sd);


diff --git a/src/lib/libc/net/rcmdsh.c b/src/lib/libc/net/rcmdsh.c index 34a228d1e9..a472162711 100644 --- a/src/lib/libc/net/rcmdsh.c +++ b/src/lib/libc/net/rcmdsh.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rcmdsh.c,v 1.11 2005/08/06 20:30:03 espie Exp $ */	1	/* $OpenBSD: rcmdsh.c,v 1.12 2007/09/02 15:19:17 deraadt Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2001, MagniComp	4	* Copyright (c) 2001, MagniComp
@@ -151,7 +151,7 @@ rcmdsh(char *ahost, int rport, const char locuser, const char *remuser,
151	for (n = 7; (p = strchr(++p, ' ')) != NULL; n++)	151	for (n = 7; (p = strchr(++p, ' ')) != NULL; n++)
152	continue;	152	continue;
153	rshprog = strdup(rshprog);	153	rshprog = strdup(rshprog);
154	ap = argv = malloc(sizeof(char ) n);	154	ap = argv = calloc(sizeof(char *), n);
155	if (rshprog == NULL \|\| argv == NULL) {	155	if (rshprog == NULL \|\| argv == NULL) {
156	perror("rcmdsh");	156	perror("rcmdsh");
157	_exit(255);	157	_exit(255);


diff --git a/src/lib/libc/stdlib/hcreate.c b/src/lib/libc/stdlib/hcreate.c index f8df1bcd7c..094f32c173 100644 --- a/src/lib/libc/stdlib/hcreate.c +++ b/src/lib/libc/stdlib/hcreate.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hcreate.c,v 1.3 2005/10/10 17:37:44 espie Exp $ */	1	/* $OpenBSD: hcreate.c,v 1.4 2007/09/02 15:19:17 deraadt Exp $ */
2	/* $NetBSD: hcreate.c,v 1.5 2004/04/23 02:48:12 simonb Exp $ */	2	/* $NetBSD: hcreate.c,v 1.5 2004/04/23 02:48:12 simonb Exp $ */
3		3
4	/*	4	/*
@@ -117,7 +117,7 @@ hcreate(size_t nel)
117		117
118	/* Allocate the table. */	118	/* Allocate the table. */
119	htablesize = nel;	119	htablesize = nel;
120	htable = malloc(htablesize * sizeof htable[0]);	120	htable = calloc(htablesize, sizeof htable[0]);
121	if (htable == NULL) {	121	if (htable == NULL) {
122	errno = ENOMEM;	122	errno = ENOMEM;
123	return 0;	123	return 0;


diff --git a/src/lib/libc/stdlib/radixsort.c b/src/lib/libc/stdlib/radixsort.c index 0b2ff27044..49d03b52d5 100644 --- a/src/lib/libc/stdlib/radixsort.c +++ b/src/lib/libc/stdlib/radixsort.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: radixsort.c,v 1.8 2005/08/08 08:05:37 espie Exp $ */	1	/* $OpenBSD: radixsort.c,v 1.9 2007/09/02 15:19:17 deraadt Exp $ */
2	/*-	2	/*-
3	* Copyright (c) 1990, 1993	3	* Copyright (c) 1990, 1993
4	* The Regents of the University of California. All rights reserved.	4	* The Regents of the University of California. All rights reserved.
@@ -104,7 +104,7 @@ sradixsort(const u_char *a, int n, const u_char tab, u_int endch)
104	if (n < THRESHOLD)	104	if (n < THRESHOLD)
105	simplesort(a, n, 0, tr, endch);	105	simplesort(a, n, 0, tr, endch);
106	else {	106	else {
107	if ((ta = malloc(n * sizeof(a))) == NULL)	107	if ((ta = calloc(n, sizeof(a))) == NULL)
108	return (-1);	108	return (-1);
109	r_sort_b(a, ta, n, 0, tr, endch);	109	r_sort_b(a, ta, n, 0, tr, endch);
110	free(ta);	110	free(ta);


diff --git a/src/lib/libc/string/bm.c b/src/lib/libc/string/bm.c index 829c24082e..2c4c6ca720 100644 --- a/src/lib/libc/string/bm.c +++ b/src/lib/libc/string/bm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bm.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */	1	/* $OpenBSD: bm.c,v 1.7 2007/09/02 15:19:18 deraadt Exp $ */
2	/*-	2	/*-
3	* Copyright (c) 1994	3	* Copyright (c) 1994
4	* The Regents of the University of California. All rights reserved.	4	* The Regents of the University of California. All rights reserved.
@@ -104,7 +104,7 @@ bm_comp(u_char const pb, size_t len, u_char const freq)
104	goto mem;	104	goto mem;
105	memcpy(pat->pat, pb, pat->patlen);	105	memcpy(pat->pat, pb, pat->patlen);
106	/* get skip delta */	106	/* get skip delta */
107	if ((pat->delta = malloc(256 * sizeof(*d))) == NULL)	107	if ((pat->delta = calloc(256, sizeof(*d))) == NULL)
108	goto mem;	108	goto mem;
109	for (j = 0, d = pat->delta; j < 256; j++)	109	for (j = 0, d = pat->delta; j < 256; j++)
110	d[j] = pat->patlen;	110	d[j] = pat->patlen;