Copy alloc()'s overflow check to aresize().

Suggested by nicm@.
author: mmcc <mmcc@openbsd.org> 2015-10-17 13:27:55 +0000
committer: mmcc <mmcc@openbsd.org> 2015-10-17 13:27:55 +0000
commit: 4f0a1b90705fa96b157bc03b600aaa36a4a41ab8 (patch)
tree: d4b825dd124c614009d9ffaf0f7d282947d8b1a9 /bin/ksh/alloc.c
parent: NUMBOOT is dead! Nuke the variables and abstractions that were used (diff)
download: wireguard-openbsd-4f0a1b90705fa96b157bc03b600aaa36a4a41ab8.tar.xz
wireguard-openbsd-4f0a1b90705fa96b157bc03b600aaa36a4a41ab8.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/bin/ksh/alloc.c b/bin/ksh/alloc.c
index 21128454c68..841b5afe2cf 100644
--- a/bin/ksh/alloc.c
+++ b/bin/ksh/alloc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: alloc.c,v 1.10 2015/10/16 23:13:35 mmcc Exp $	*/
+/*	$OpenBSD: alloc.c,v 1.11 2015/10/17 13:27:55 mmcc Exp $	*/
 /*
  * Copyright (c) 2002 Marc Espie.
  *
@@ -107,6 +107,10 @@ aresize(void *ptr, size_t size, Area *ap)
 	if (ptr == NULL)
 		return alloc(size, ap);
 
+	/* ensure that we don't overflow by allocating space for link */
+	if (size > SIZE_MAX - sizeof(struct link))
+		internal_errorf(1, "unable to allocate memory");
+
 	l = P2L(ptr);
 	lprev = l->prev;
 	lnext = l->next;
author	mmcc <mmcc@openbsd.org>	2015-10-17 13:27:55 +0000
committer	mmcc <mmcc@openbsd.org>	2015-10-17 13:27:55 +0000
commit	4f0a1b90705fa96b157bc03b600aaa36a4a41ab8 (patch)
tree	d4b825dd124c614009d9ffaf0f7d282947d8b1a9 /bin/ksh/alloc.c
parent	NUMBOOT is dead! Nuke the variables and abstractions that were used (diff)
download	wireguard-openbsd-4f0a1b90705fa96b157bc03b600aaa36a4a41ab8.tar.xz wireguard-openbsd-4f0a1b90705fa96b157bc03b600aaa36a4a41ab8.zip