summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2003-09-17 14:36:14 +0000
committernectar <nectar@FreeBSD.org>2003-09-17 14:36:14 +0000
commit0689a1c0d3a7bf6f827a1f7ee07bdb8d1e3c1fb1 (patch)
tree654d904875f0c962dcf10e4f5525cf53192475e6 /crypto
parent8cd211c5614d04163ef750283efd53dd2f129e68 (diff)
downloadFreeBSD-src-0689a1c0d3a7bf6f827a1f7ee07bdb8d1e3c1fb1.zip
FreeBSD-src-0689a1c0d3a7bf6f827a1f7ee07bdb8d1e3c1fb1.tar.gz
Correct more cases of allocation size bookkeeping being updated before
calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/openssh/deattack.c4
-rw-r--r--crypto/openssh/misc.c11
2 files changed, 9 insertions, 6 deletions
diff --git a/crypto/openssh/deattack.c b/crypto/openssh/deattack.c
index 0442501..7bf2749 100644
--- a/crypto/openssh/deattack.c
+++ b/crypto/openssh/deattack.c
@@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
if (h == NULL) {
debug("Installing crc compensation attack detector.");
+ h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
n = l;
- h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
} else {
if (l > n) {
+ h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
n = l;
- h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
}
}
diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c
index 512fb22..84c94f9 100644
--- a/crypto/openssh/misc.c
+++ b/crypto/openssh/misc.c
@@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...)
{
va_list ap;
char buf[1024];
+ int nalloc;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
+ nalloc = args->nalloc;
if (args->list == NULL) {
- args->nalloc = 32;
+ nalloc = 32;
args->num = 0;
- } else if (args->num+2 >= args->nalloc)
- args->nalloc *= 2;
+ } else if (args->num+2 >= nalloc)
+ nalloc *= 2;
- args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
+ args->list = xrealloc(args->list, nalloc * sizeof(char *));
+ args->nalloc = nalloc;
args->list[args->num++] = xstrdup(buf);
args->list[args->num] = NULL;
}
OpenPOWER on IntegriCloud