use reallocarray() to detect int overflow; ok doug

author: deraadt <deraadt@openbsd.org> 2014-10-08 04:26:54 +0000
committer: deraadt <deraadt@openbsd.org> 2014-10-08 04:26:54 +0000
commit: 86c5fefb5e8aad0ffddf299efdbb5fb3684efd41 (patch)
tree: 7e3b63f0b43df7ac57163e70192d48c05d02e4b7 /usr.sbin/installboot
parent: use reallocarray() to cope with multiplicative integer overflow; ok doug (diff)
download: wireguard-openbsd-86c5fefb5e8aad0ffddf299efdbb5fb3684efd41.tar.xz
wireguard-openbsd-86c5fefb5e8aad0ffddf299efdbb5fb3684efd41.zip
1 files changed, 3 insertions, 4 deletions
diff --git a/usr.sbin/installboot/i386_installboot.c b/usr.sbin/installboot/i386_installboot.c
index f1a4dec559f..3512f9a5811 100644
--- a/usr.sbin/installboot/i386_installboot.c
+++ b/usr.sbin/installboot/i386_installboot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: i386_installboot.c,v 1.5 2014/07/08 17:19:26 deraadt Exp $	*/
+/*	$OpenBSD: i386_installboot.c,v 1.6 2014/10/08 04:26:54 deraadt Exp $	*/
 /*	$NetBSD: installboot.c,v 1.5 1995/11/17 23:23:50 gwr Exp $ */
 
 /*
@@ -310,11 +310,10 @@ loadproto(char *fname, long *size)
 		errx(1, "%s: %u ELF load sections (only support 1)",
 		    fname, eh.e_phnum);
 
-	phsize = eh.e_phnum * sizeof(Elf_Phdr);
-	ph = malloc(phsize);
+	ph = reallocarray(NULL, eh.e_phnum, sizeof(Elf_Phdr));
 	if (ph == NULL)
 		err(1, NULL);
-
+	phsize = eh.e_phnum * sizeof(Elf_Phdr);
 	lseek(fd, eh.e_phoff, SEEK_SET);
 
 	if (read(fd, ph, phsize) != phsize)
author	deraadt <deraadt@openbsd.org>	2014-10-08 04:26:54 +0000
committer	deraadt <deraadt@openbsd.org>	2014-10-08 04:26:54 +0000
commit	86c5fefb5e8aad0ffddf299efdbb5fb3684efd41 (patch)
tree	7e3b63f0b43df7ac57163e70192d48c05d02e4b7 /usr.sbin/installboot
parent	use reallocarray() to cope with multiplicative integer overflow; ok doug (diff)
download	wireguard-openbsd-86c5fefb5e8aad0ffddf299efdbb5fb3684efd41.tar.xz wireguard-openbsd-86c5fefb5e8aad0ffddf299efdbb5fb3684efd41.zip