- djm@cvs.openbsd.org 2006/03/25 01:13:23

[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
author: Damien Miller <djm@mindrot.org> 2006-03-26 05:22:47 +0200
committer: Damien Miller <djm@mindrot.org> 2006-03-26 05:22:47 +0200
commit: 36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree: 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /deattack.c
parent: - djm@cvs.openbsd.org 2006/03/25 00:05:41 (diff)
download: openssh-36812092ecb11a25ca9d6d87fdeaf53e371c5043.tar.xz
openssh-36812092ecb11a25ca9d6d87fdeaf53e371c5043.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/deattack.c b/deattack.c
index 746ff5d43..ff9ca4dd5 100644
--- a/deattack.c
+++ b/deattack.c
@@ -97,7 +97,7 @@ detect_attack(u_char *buf, u_int32_t len)
 		n = l;
 	} else {
 		if (l > n) {
-			h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+			h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
 			n = l;
 		}
 	}
author	Damien Miller <djm@mindrot.org>	2006-03-26 05:22:47 +0200
committer	Damien Miller <djm@mindrot.org>	2006-03-26 05:22:47 +0200
commit	36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree	257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /deattack.c
parent	- djm@cvs.openbsd.org 2006/03/25 00:05:41 (diff)
download	openssh-36812092ecb11a25ca9d6d87fdeaf53e371c5043.tar.xz openssh-36812092ecb11a25ca9d6d87fdeaf53e371c5043.zip