- djm@cvs.openbsd.org 2006/03/25 01:13:23

[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
author: Damien Miller <djm@mindrot.org> 2006-03-26 14:22:47 +1100
committer: Damien Miller <djm@mindrot.org> 2006-03-26 14:22:47 +1100
commit: 36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree: 257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /auth-pam.c
parent: 07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 3d64de76..c12f413e 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -703,7 +703,7 @@ sshpam_query(void *ctx, char **name, char **info,
 		case PAM_PROMPT_ECHO_OFF:
 			*num = 1;
 			len = plen + mlen + 1;
-			**prompts = xrealloc(**prompts, len);
+			**prompts = xrealloc(**prompts, 1, len);
 			strlcpy(**prompts + plen, msg, len - plen);
 			plen += mlen;
 			**echo_on = (type == PAM_PROMPT_ECHO_ON);
@@ -713,7 +713,7 @@ sshpam_query(void *ctx, char **name, char **info,
 		case PAM_TEXT_INFO:
 			/* accumulate messages */
 			len = plen + mlen + 2;
-			**prompts = xrealloc(**prompts, len);
+			**prompts = xrealloc(**prompts, 1, len);
 			strlcpy(**prompts + plen, msg, len - plen);
 			plen += mlen;
 			strlcat(**prompts + plen, "\n", len - plen);
author	Damien Miller <djm@mindrot.org>	2006-03-26 14:22:47 +1100
committer	Damien Miller <djm@mindrot.org>	2006-03-26 14:22:47 +1100
commit	36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree	257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /auth-pam.c
parent	07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff)