From 95ba2fbfe01b7471ddc99599bbe028d34433a0d2 Mon Sep 17 00:00:00 2001 From: Markus Friedl Date: Wed, 29 Feb 2012 14:54:40 +0100 Subject: [PATCH] add reallocn() (==xrealloc w/o fatal), use it in deattack.c --- ssh/deattack.c | 4 ++-- ssh/misc.c | 16 ++++++++++++++++ ssh/misc.h | 1 + 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/ssh/deattack.c b/ssh/deattack.c index 40746bf..b307073 100644 --- a/ssh/deattack.c +++ b/ssh/deattack.c @@ -26,6 +26,7 @@ #include "deattack.h" #include "crc32.h" #include "sshbuf.h" +#include "misc.h" /* * CRC attack detection has a worst-case behaviour that is O(N^3) over @@ -115,8 +116,7 @@ detect_attack(u_char *buf, u_int32_t len) n = l; } else { if (l > n) { - if (l == 0 || SIZE_T_MAX / l < HASH_ENTRYSIZE || - (tmp = realloc(h, l * HASH_ENTRYSIZE)) == NULL) { + if ((tmp = reallocn(h, l, HASH_ENTRYSIZE)) == NULL) { free(h); return DEATTACK_ERROR; } diff --git a/ssh/misc.c b/ssh/misc.c index 44db626..01da242 100644 --- a/ssh/misc.c +++ b/ssh/misc.c @@ -977,3 +977,19 @@ iptos2str(int iptos) snprintf(iptos_str, sizeof iptos_str, "0x%02x", iptos); return iptos_str; } + +void * +reallocn(void *ptr, size_t nmemb, size_t size) +{ + void *new_ptr; + size_t new_size = nmemb * size; + + if (new_size == 0 || + SIZE_T_MAX / nmemb < size) + return NULL; + if (ptr == NULL) + new_ptr = malloc(new_size); + else + new_ptr = realloc(ptr, new_size); + return new_ptr; +} diff --git a/ssh/misc.h b/ssh/misc.h index d3b9dbe..ec025a1 100644 --- a/ssh/misc.h +++ b/ssh/misc.h @@ -35,6 +35,7 @@ char *tohex(const void *, size_t); void sanitise_stdfd(void); void ms_subtract_diff(struct timeval *, int *); void ms_to_timeval(struct timeval *, int); +void *reallocn(void *, size_t, size_t); struct passwd *pwcopy(struct passwd *); const char *ssh_gai_strerror(int);