authordjm <djm@openbsd.org>2006-03-25 01:13:23 +0000
committerdjm <djm@openbsd.org>2006-03-25 01:13:23 +0000
commit71cb741774126e63b61f46475050c9565c804f9d (patch)
treef4433d5e3e45e92fdfba5862f0b86516b30c9a6f /usr.bin/ssh/ssh-rsa.c
parentintroduce xcalloc() and xasprintf() failure-checked allocations functions (diff)
change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to
xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
Diffstat (limited to 'usr.bin/ssh/ssh-rsa.c')
-rw-r--r--usr.bin/ssh/ssh-rsa.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-rsa.c b/usr.bin/ssh/ssh-rsa.c
index ce4195fead9..55fb7ba5990 100644
--- a/usr.bin/ssh/ssh-rsa.c
+++ b/usr.bin/ssh/ssh-rsa.c
@@ -144,7 +144,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
u_int diff = modlen - len;
debug("ssh_rsa_verify: add padding: modlen %u > len %u",
modlen, len);
- sigblob = xrealloc(sigblob, modlen);
+ sigblob = xrealloc(sigblob, 1, modlen);
memmove(sigblob + diff, sigblob, len);
memset(sigblob, 0, diff);
len = modlen;
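Review bot: The new call on the `+` line passes `1` as new_nmemb and `modlen` as new_itemsize, the reverse of how the commit description names the parameters; sigblob is a byte buffer of modlen elements, so `sigblob = xrealloc(sigblob, modlen, 1);` would read as intended. Assuming xrealloc checks the product for overflow, the result is the same either way, and with one factor fixed at 1 that check cannot trigger at this call site. The bounds of the following `memmove(sigblob + diff, sigblob, len)` therefore still rest on `len < modlen`, which this hunk only implies through the debug string. The enclosing branch of ssh_rsa_verify starts and ends outside the hunk, so that guard cannot be confirmed from here.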