add reallocn() (==xrealloc w/o fatal), use it in deattack.c

ssh/deattack.c

@@ -26,6 +26,7 @@
 #include "deattack.h"
 #include "crc32.h"
 #include "sshbuf.h"
+#include "misc.h"
 
 /*
  * CRC attack detection has a worst-case behaviour that is O(N^3) over
@@ -115,8 +116,7 @@ detect_attack(u_char *buf, u_int32_t len)
 		n = l;
 	} else {
 		if (l > n) {
-			if (l == 0 || SIZE_T_MAX / l < HASH_ENTRYSIZE ||
-			   (tmp = realloc(h, l * HASH_ENTRYSIZE)) == NULL) {
+			if ((tmp = reallocn(h, l, HASH_ENTRYSIZE)) == NULL) {
 				free(h);
 				return DEATTACK_ERROR;
 			}

ssh/misc.c

@@ -977,3 +977,19 @@ iptos2str(int iptos)
 	snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos);
 	return iptos_str;
 }
+
+void *
+reallocn(void *ptr, size_t nmemb, size_t size)
+{
+	void *new_ptr;
+	size_t new_size = nmemb * size;
+
+	if (new_size == 0 ||
+	    SIZE_T_MAX / nmemb < size)
+		return NULL;
+	if (ptr == NULL)
+		new_ptr = malloc(new_size);
+	else
+		new_ptr = realloc(ptr, new_size);
+	return new_ptr;
+}

ssh/misc.h

@@ -35,6 +35,7 @@ char	*tohex(const void *, size_t);
 void	 sanitise_stdfd(void);
 void	 ms_subtract_diff(struct timeval *, int *);
 void	 ms_to_timeval(struct timeval *, int);
+void	*reallocn(void *, size_t, size_t);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);