From d8e4c1f27259e44a2831163d60b152c0e6a1e392 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sat, 11 Oct 2014 03:12:13 +0000
Subject: Userland reallocarray() audit.

Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.

ok deraadt@
---
 src/lib/libc/net/getprotoent.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/libc/net/getprotoent.c b/src/lib/libc/net/getprotoent.c
index 87060b7b3c..7431566f85 100644
--- a/src/lib/libc/net/getprotoent.c
+++ b/src/lib/libc/net/getprotoent.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getprotoent.c,v 1.11 2014/09/15 06:15:48 guenther Exp $ */
+/*	$OpenBSD: getprotoent.c,v 1.12 2014/10/11 03:12:13 doug Exp $ */
 /*
  * Copyright (c) 1983, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -119,8 +119,8 @@ again:
 				continue;
 			}
 			if (q == &pe->p_aliases[pd->maxaliases - 1]) {
-				p = realloc(pe->p_aliases,
-				    2 * pd->maxaliases * sizeof(char *));
+				p = reallocarray(pe->p_aliases,
+				    pd->maxaliases, 2 * sizeof(char *));
 				if (p == NULL) {
 					serrno = errno;
 					endprotoent_r(pd);
-- 
cgit v1.2.3-55-g6feb