From 36812092ecb11a25ca9d6d87fdeaf53e371c5043 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sun, 26 Mar 2006 14:22:47 +1100
Subject: - djm@cvs.openbsd.org 2006/03/25 01:13:23 [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
---
deattack.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'deattack.c')
diff --git a/deattack.c b/deattack.c
index 746ff5d4..ff9ca4dd 100644
--- a/deattack.c
+++ b/deattack.c
@@ -97,7 +97,7 @@ detect_attack(u_char *buf, u_int32_t len)
 n = l;
 } else {
 if (l > n) {
- h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+ h = (u_int16_t *)xrealloc(h, l, HASH_ENTRYSIZE);
 n = l;
 }
 }
-- cgit v1.2.3
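Review bot: The allocation in the first branch of this `if`/`else` is not touched by this commit, since the diffstat shows a single changed line; that branch ends at the `n = l;` / `} else {` context lines and starts outside the hunk. If it still sizes the table with an inline `l * HASH_ENTRYSIZE` product, that path keeps the integer-overflow exposure that the new `xrealloc(h, l, HASH_ENTRYSIZE)` form is meant to remove, and it should get the same count/size treatment. On the changed line, the `(u_int16_t *)` cast is unnecessary in C and can mask a missing prototype, so `h = xrealloc(h, l, HASH_ENTRYSIZE);` is the safer spelling. `detect_attack` begins and ends outside the hunk, so how `l` is derived from `len` cannot be checked from here.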