diff options
| author | djm <djm> | 2006-03-26 03:22:47 +0000 |
|---|---|---|
| committer | djm <djm> | 2006-03-26 03:22:47 +0000 |
| commit | 5e5513faf51451ded4af614cb6c6390282690c9b (patch) | |
| tree | 1ae514355b3e707ae4c419a565852b3faa3ee3ff /sftp-client.c | |
| parent | 02eed99ef7f2174344b2a099b5ff4d93a3d5f0f5 (diff) | |
| download | openssh-5e5513faf51451ded4af614cb6c6390282690c9b.tar.gz | |
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
[sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
[uidswap.c]
change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
to xrealloc(p, new_nmemb, new_itemsize).
realloc is particularly prone to integer overflows because it is
almost always allocating "n * size" bytes, so this is a far safer
API; ok deraadt@
Diffstat (limited to 'sftp-client.c')
| -rw-r--r-- | sftp-client.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sftp-client.c b/sftp-client.c index c34f919a..8b4d67b5 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -393,8 +393,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, printf("%s\n", longname); if (dir) { - *dir = xrealloc(*dir, sizeof(**dir) * - (ents + 2)); + *dir = xrealloc(*dir, ents + 2, sizeof(**dir)); (*dir)[ents] = xmalloc(sizeof(***dir)); (*dir)[ents]->filename = xstrdup(filename); (*dir)[ents]->longname = xstrdup(longname); |