From 1856c6ee81193568a82764f32d3723fe08ac8f39 Mon Sep 17 00:00:00 2001
From: doug <>
Date: Sat, 11 Oct 2014 04:22:03 +0000
Subject: Userland reallocarray() audit.

Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.

ok deraadt@
---
 src/lib/libc/net/getservent.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libc/net/getservent.c b/src/lib/libc/net/getservent.c
index 7e3293389d..dc43da0a8b 100644
--- a/src/lib/libc/net/getservent.c
+++ b/src/lib/libc/net/getservent.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: getservent.c,v 1.13 2014/09/15 06:15:48 guenther Exp $ */
+/*	$OpenBSD: getservent.c,v 1.14 2014/10/11 04:22:03 doug Exp $ */
 /*
  * Copyright (c) 1983, 1993
  *	The Regents of the University of California.  All rights reserved.
@@ -122,8 +122,8 @@ again:
 			continue;
 		}
 		if (q == &se->s_aliases[sd->maxaliases - 1]) {
-			p = realloc(se->s_aliases,
-			    2 * sd->maxaliases * sizeof(char *));
+			p = reallocarray(se->s_aliases, sd->maxaliases,
+			    2 * sizeof(char *));
 			if (p == NULL) {
 				serrno = errno;
 				endservent_r(sd);
-- 
cgit v1.2.3-55-g6feb