diff options
| author |   doug <doug@openbsd.org> | 2014-10-11 03:06:44 +0000 |
|---|---|---|
| committer | doug <doug@openbsd.org> | 2014-10-11 03:06:44 +0000 |
| commit | 62429de2d75e80b26e68377f02625fcbacaa7119 (patch) | |
| tree | d03d37396eef09d7f9ecd897a5a5c04849c09725 | |
| parent | Userland reallocarray() audit. (diff) | |
| download | wireguard-openbsd-62429de2d75e80b26e68377f02625fcbacaa7119.tar.xz wireguard-openbsd-62429de2d75e80b26e68377f02625fcbacaa7119.zip | |
Userland reallocarray() audit.
Avoid potential integer overflow in the size argument of malloc() and
realloc() by using reallocarray() to avoid unchecked multiplication.
ok deraadt@
| -rw-r--r-- | usr.bin/file/magic.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/file/magic.c b/usr.bin/file/magic.c index 39df3711940..eab02d13832 100644 --- a/usr.bin/file/magic.c +++ b/usr.bin/file/magic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: magic.c,v 1.8 2009/10/27 23:59:37 deraadt Exp $ */ +/* $OpenBSD: magic.c,v 1.9 2014/10/11 03:06:44 doug Exp $ */ /* * Copyright (c) Christos Zoulas 2003. * All Rights Reserved. @@ -106,7 +106,8 @@ magic_open(int flags) ms->o.buf = ms->o.pbuf = NULL; - ms->c.li = malloc((ms->c.len = 10) * sizeof(*ms->c.li)); + ms->c.len = 10; + ms->c.li = reallocarray(NULL, ms->c.len, sizeof(*ms->c.li)); if (ms->c.li == NULL) goto free; |