summaryrefslogtreecommitdiff
path: root/src/lib/libc/stdlib/malloc.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2014-04-20KNF.jsing8-528/+718
2014-04-20More KNF.jsing26-160/+176
2014-04-20More KNF.jsing2-100/+124
2014-04-20gettimeofday() is portable enough and does not need a wrapperderaadt2-18/+4
2014-04-20calloc() rather than malloc+memsetderaadt2-4/+4
2014-04-20Fix indentation, adding braces and combining a nested if to reduce depthguenther2-24/+28
2014-04-20KNF.jsing4-362/+438
2014-04-20KNF.jsing8-796/+786
2014-04-20Chop off more SSLv2 tentacles and start fixing and noting y2038 issues.guenther17-118/+44
APIs that pass times as longs will have to change at some point... Bump major on both libcrypto and libssl. ok tedu@
2014-04-20return after error instead of plowing ahead. noticed by mancha1 at zohotedu2-0/+2
2014-04-20Use calloc(a,b) instead of malloc(a*b) + memset(a*b). I don't know ifderaadt2-4/+2
this instance is integer-overflowable, but we cannot keep hand-auditing every instance (or apathetically ignoring these issues) when the simple calloc idiom is better in the presence of a good calloc(). It is simply unfeasible to always enter correct range checks before the aggregate size calculation, just go find some 4000 lines of code, REPAIR THEM ALL, then come back and tell me I am wrong. This only works on systems where calloc() does the integer overflow check, but if your system doesn't do this, you need to ask your vendor WHY THEY ARE 10 YEARS BEHIND IN BEST PRACTICE? This is the kind of problem that needs to be solved at the right layer. malloc integer-overflow was implicated in the 2002 OpenSSH hole. OpenSSH and much other code is now written to use calloc(), for instance OpenSSH has 103 calls to it. We feel safer with our use of calloc(). It is a natural approach for us to use calloc(). How safe do you feel on systems which lack that range check in their calloc()? Good writeup from 2006: http://undeadly.org/cgi?action=article&sid=20060330071917
2014-04-20Undo a calloc() replacement. It lacks the integer overflow check thatderaadt1-14/+1
the system one has.
2014-04-20KNF.jsing24-2308/+2268
2014-04-20reset imprint to NULL to avoid double free. from mancha1 at zohotedu2-0/+2
2014-04-19release buffers fix was lost in merge. put it back.tedu2-2/+4
2014-04-19change some rsh references to ssh. poke by jmctedu2-9/+9
2014-04-19More KNF.jsing4-74/+84
2014-04-19More KNF.jsing6-90/+122
2014-04-19another attempt at fixing stale x509 data. since we don't know where thetedu2-20/+16
initial storage came from, we can't free it. just memset in the sequence case. probably ok beck
2014-04-19More KNF.jsing14-157/+163
2014-04-19More KNF.jsing2-40/+40
2014-04-19tweak previous;jmc1-3/+2
2014-04-19zap trailing whitespace;jmc1-2/+2
2014-04-19remove the openssl_fdset wrapper, and a variety of VMS'ism's likederaadt6-48/+19
crazy (void *) casts all over the place ok beck jsing
2014-04-19KNF.jsing12-1626/+1628
2014-04-19Remove a gethostbyname() cache layer. The internet works better thesederaadt1-50/+1
days. Initially fixed this, but Ted asked for it to die.
2014-04-19ReadFile() and GetStdHandle() are not very POSIX.deraadt4-45/+6
ok beck jsing
2014-04-19truncation check some snprintf calls (over-cautiously in case)deraadt4-19/+78
ok jsing beck
2014-04-19can't actually do this. cause unknown.tedu2-2/+2
2014-04-19Fix some serious pointer-arithmatic-magic-number-unchecked-return eyebleedbeck1-53/+44
that I stumbled into here and got stuck with. If modern society can get past selling daughters for cows, surely we can decide to write modern C code in an "application" that is probably 3 lines of shell/python/cgi away from talking to the internet in a lot of places.. (This file still needs a lot more love though) "oh god yuck" deraadt@ ok tedu@
2014-04-19KNF.jsing12-1128/+1060
2014-04-19Repair some indent to be more KNF, and break instead of fallthrough toderaadt1-12/+14
default which does break
2014-04-19one small tweak to avoid ever going off the end of a string.tedu1-4/+6
2014-04-19improved checking for invalid hashes. from solar designertedu1-6/+10
2014-04-19More KNF.jsing6-66/+68
2014-04-19kill a stray \deraadt1-2/+2
2014-04-19Lacking a proof that--for this implementation--exposure of Montgomeryguenther4-14/+14
multiplication or RSA blinding parameters doesn't permit retroactive timing analysis of the secrets, we'll do the stupidly cheap thing and cleanse them before freeing them. ok deraadt@
2014-04-19More KNF.jsing10-476/+592
2014-04-19Remove hacky workaround for Cray T3E.deraadt1-11/+0
ok guenther
2014-04-19More KNF.jsing8-522/+758
2014-04-19oops, typo got into changederaadt1-1/+1
2014-04-19More KNF.jsing6-20/+28
2014-04-19malloc + strlcpy -> strdupderaadt1-3/+2
2014-04-19unifdef ENOTDIR, everyone has itderaadt1-15/+3
2014-04-19We'll interpret a (void) cast on snprintf() to mean it's been verified thatguenther55-147/+147
truncation is either desirable, not an issue, or is detected and handled later ok deraadt@
2014-04-19Use somewhat harsher language and better examples; demonstrate thatderaadt4-109/+88
non-dangerous use functions is difficult. ok guenther
2014-04-19Split inet(3) into three pages by decade: 1980s -> inet_lnaof(3),guenther4-183/+320
1990s -> inet_addr(3), 2000s and beyond -> inet_ntop(3). ok tedu@ (who also noted the timeline) deraadt@ jmc@
2014-04-19egd is gonederaadt4-38/+3
2014-04-19The internal ssl2_* functions and variables are goneguenther2-60/+0
2014-04-19More KNF.jsing8-1370/+1522
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-02 22:46:30 +0000