From 4dce4206f0cafd0811f23aedc04a436aa9d145c1 Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Sun, 2 Sep 2007 15:19:18 +0000 Subject: use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg --- src/lib/libc/net/getprotoent.c | 4 ++-- src/lib/libc/net/getservent.c | 4 ++-- src/lib/libc/net/rcmdsh.c | 4 ++-- src/lib/libc/stdlib/hcreate.c | 4 ++-- src/lib/libc/stdlib/radixsort.c | 4 ++-- src/lib/libc/string/bm.c | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libc/net/getprotoent.c b/src/lib/libc/net/getprotoent.c index 7c6ab68166..f0705e0765 100644 --- a/src/lib/libc/net/getprotoent.c +++ b/src/lib/libc/net/getprotoent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getprotoent.c,v 1.9 2006/01/17 15:41:52 millert Exp $ */ +/* $OpenBSD: getprotoent.c,v 1.10 2007/09/02 15:19:17 deraadt Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -102,7 +102,7 @@ again: pe->p_proto = l; if (pd->aliases == NULL) { pd->maxaliases = 5; - pd->aliases = malloc(pd->maxaliases * sizeof(char *)); + pd->aliases = calloc(pd->maxaliases, sizeof(char *)); if (pd->aliases == NULL) { serrno = errno; endprotoent_r(pd); diff --git a/src/lib/libc/net/getservent.c b/src/lib/libc/net/getservent.c index ab916b8e80..c81a4cf3e2 100644 --- a/src/lib/libc/net/getservent.c +++ b/src/lib/libc/net/getservent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getservent.c,v 1.11 2006/01/17 15:41:52 millert Exp $ */ +/* $OpenBSD: getservent.c,v 1.12 2007/09/02 15:19:17 deraadt Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -104,7 +104,7 @@ again: se->s_proto = cp; if (sd->aliases == NULL) { sd->maxaliases = 10; - sd->aliases = malloc(sd->maxaliases * sizeof(char *)); + sd->aliases = calloc(sd->maxaliases, sizeof(char *)); if (sd->aliases == NULL) { serrno = errno; endservent_r(sd); diff --git a/src/lib/libc/net/rcmdsh.c b/src/lib/libc/net/rcmdsh.c index 34a228d1e9..a472162711 100644 --- a/src/lib/libc/net/rcmdsh.c +++ b/src/lib/libc/net/rcmdsh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcmdsh.c,v 1.11 2005/08/06 20:30:03 espie Exp $ */ +/* $OpenBSD: rcmdsh.c,v 1.12 2007/09/02 15:19:17 deraadt Exp $ */ /* * Copyright (c) 2001, MagniComp @@ -151,7 +151,7 @@ rcmdsh(char **ahost, int rport, const char *locuser, const char *remuser, for (n = 7; (p = strchr(++p, ' ')) != NULL; n++) continue; rshprog = strdup(rshprog); - ap = argv = malloc(sizeof(char *) * n); + ap = argv = calloc(sizeof(char *), n); if (rshprog == NULL || argv == NULL) { perror("rcmdsh"); _exit(255); diff --git a/src/lib/libc/stdlib/hcreate.c b/src/lib/libc/stdlib/hcreate.c index f8df1bcd7c..094f32c173 100644 --- a/src/lib/libc/stdlib/hcreate.c +++ b/src/lib/libc/stdlib/hcreate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hcreate.c,v 1.3 2005/10/10 17:37:44 espie Exp $ */ +/* $OpenBSD: hcreate.c,v 1.4 2007/09/02 15:19:17 deraadt Exp $ */ /* $NetBSD: hcreate.c,v 1.5 2004/04/23 02:48:12 simonb Exp $ */ /* @@ -117,7 +117,7 @@ hcreate(size_t nel) /* Allocate the table. */ htablesize = nel; - htable = malloc(htablesize * sizeof htable[0]); + htable = calloc(htablesize, sizeof htable[0]); if (htable == NULL) { errno = ENOMEM; return 0; diff --git a/src/lib/libc/stdlib/radixsort.c b/src/lib/libc/stdlib/radixsort.c index 0b2ff27044..49d03b52d5 100644 --- a/src/lib/libc/stdlib/radixsort.c +++ b/src/lib/libc/stdlib/radixsort.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radixsort.c,v 1.8 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: radixsort.c,v 1.9 2007/09/02 15:19:17 deraadt Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -104,7 +104,7 @@ sradixsort(const u_char **a, int n, const u_char *tab, u_int endch) if (n < THRESHOLD) simplesort(a, n, 0, tr, endch); else { - if ((ta = malloc(n * sizeof(a))) == NULL) + if ((ta = calloc(n, sizeof(a))) == NULL) return (-1); r_sort_b(a, ta, n, 0, tr, endch); free(ta); diff --git a/src/lib/libc/string/bm.c b/src/lib/libc/string/bm.c index 829c24082e..2c4c6ca720 100644 --- a/src/lib/libc/string/bm.c +++ b/src/lib/libc/string/bm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bm.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: bm.c,v 1.7 2007/09/02 15:19:18 deraadt Exp $ */ /*- * Copyright (c) 1994 * The Regents of the University of California. All rights reserved. @@ -104,7 +104,7 @@ bm_comp(u_char const *pb, size_t len, u_char const *freq) goto mem; memcpy(pat->pat, pb, pat->patlen); /* get skip delta */ - if ((pat->delta = malloc(256 * sizeof(*d))) == NULL) + if ((pat->delta = calloc(256, sizeof(*d))) == NULL) goto mem; for (j = 0, d = pat->delta; j < 256; j++) d[j] = pat->patlen; -- cgit v1.2.3-55-g6feb