change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to

xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
author: djm <djm@openbsd.org> 2006-03-25 01:13:23 +0000
committer: djm <djm@openbsd.org> 2006-03-25 01:13:23 +0000
commit: 71cb741774126e63b61f46475050c9565c804f9d (patch)
tree: f4433d5e3e45e92fdfba5862f0b86516b30c9a6f /usr.bin/ssh/ssh-agent.c
parent: introduce xcalloc() and xasprintf() failure-checked allocations functions (diff)
download: wireguard-openbsd-71cb741774126e63b61f46475050c9565c804f9d.tar.xz
wireguard-openbsd-71cb741774126e63b61f46475050c9565c804f9d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index e9d30c181d2..1699a3ebbf4 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -795,7 +795,7 @@ new_socket(sock_type type, int fd)
 		}
 	old_alloc = sockets_alloc;
 	new_alloc = sockets_alloc + 10;
-	sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+	sockets = xrealloc(sockets, new_alloc, sizeof(sockets[0]));
 	for (i = old_alloc; i < new_alloc; i++)
 		sockets[i].type = AUTH_UNUSED;
 	sockets_alloc = new_alloc;
author	djm <djm@openbsd.org>	2006-03-25 01:13:23 +0000
committer	djm <djm@openbsd.org>	2006-03-25 01:13:23 +0000
commit	71cb741774126e63b61f46475050c9565c804f9d (patch)
tree	f4433d5e3e45e92fdfba5862f0b86516b30c9a6f /usr.bin/ssh/ssh-agent.c
parent	introduce xcalloc() and xasprintf() failure-checked allocations functions (diff)
download	wireguard-openbsd-71cb741774126e63b61f46475050c9565c804f9d.tar.xz wireguard-openbsd-71cb741774126e63b61f46475050c9565c804f9d.zip