From dd127b6b5a62ebd88f0cbb2e6d7d749d20363a16 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sat, 18 Oct 2014 03:04:28 +0000
Subject: Typical malloc() with size multiplication to reallocarray().

ok deraadt@
---
 src/lib/libssl/src/ssl/s3_enc.c | 8 ++++----
 src/lib/libssl/src/ssl/t1_enc.c | 8 ++++----
 src/lib/libssl/t1_enc.c         | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index f268a2a265..93f5d6ac47 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_enc.c,v 1.54 2014/08/07 20:02:23 miod Exp $ */
+/* $OpenBSD: s3_enc.c,v 1.55 2014/10/18 03:04:28 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -347,12 +347,12 @@ ssl3_setup_key_block(SSL *s)
 	if (mac_len < 0)
 		return 0;
 
-	key_block_len = (mac_len + key_len + iv_len) * 2;
-
 	ssl3_cleanup_key_block(s);
 
-	if ((key_block = malloc(key_block_len)) == NULL)
+	if ((key_block = reallocarray(NULL, mac_len + key_len + iv_len, 2))
+	    == NULL)
 		goto err;
+	key_block_len = (mac_len + key_len + iv_len) * 2;
 
 	s->s3->tmp.key_block_length = key_block_len;
 	s->s3->tmp.key_block = key_block;
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 6ad721bd8a..a62d7a939c 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.69 2014/08/07 20:02:23 miod Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.70 2014/10/18 03:04:28 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,14 +603,14 @@ tls1_setup_key_block(SSL *s)
 	s->s3->tmp.new_mac_pkey_type = mac_type;
 	s->s3->tmp.new_mac_secret_size = mac_secret_size;
 
-	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
-
 	ssl3_cleanup_key_block(s);
 
-	if ((key_block = malloc(key_block_len)) == NULL) {
+	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
+	    2)) == NULL) {
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
+	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
 
 	s->s3->tmp.key_block_length = key_block_len;
 	s->s3->tmp.key_block = key_block;
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 6ad721bd8a..a62d7a939c 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.69 2014/08/07 20:02:23 miod Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.70 2014/10/18 03:04:28 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,14 +603,14 @@ tls1_setup_key_block(SSL *s)
 	s->s3->tmp.new_mac_pkey_type = mac_type;
 	s->s3->tmp.new_mac_secret_size = mac_secret_size;
 
-	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
-
 	ssl3_cleanup_key_block(s);
 
-	if ((key_block = malloc(key_block_len)) == NULL) {
+	if ((key_block = reallocarray(NULL, mac_secret_size + key_len + iv_len,
+	    2)) == NULL) {
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
+	key_block_len = (mac_secret_size + key_len + iv_len) * 2;
 
 	s->s3->tmp.key_block_length = key_block_len;
 	s->s3->tmp.key_block = key_block;
-- 
cgit v1.2.3-55-g6feb