diff options
author | nectar <nectar@FreeBSD.org> | 2003-09-17 14:36:14 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-09-17 14:36:14 +0000 |
commit | 0689a1c0d3a7bf6f827a1f7ee07bdb8d1e3c1fb1 (patch) | |
tree | 654d904875f0c962dcf10e4f5525cf53192475e6 /crypto | |
parent | 8cd211c5614d04163ef750283efd53dd2f129e68 (diff) | |
download | FreeBSD-src-0689a1c0d3a7bf6f827a1f7ee07bdb8d1e3c1fb1.zip FreeBSD-src-0689a1c0d3a7bf6f827a1f7ee07bdb8d1e3c1fb1.tar.gz |
Correct more cases of allocation size bookkeeping being updated before
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/deattack.c | 4 | ||||
-rw-r--r-- | crypto/openssh/misc.c | 11 |
2 files changed, 9 insertions, 6 deletions
diff --git a/crypto/openssh/deattack.c b/crypto/openssh/deattack.c index 0442501..7bf2749 100644 --- a/crypto/openssh/deattack.c +++ b/crypto/openssh/deattack.c @@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) if (h == NULL) { debug("Installing crc compensation attack detector."); + h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE); } else { if (l > n) { + h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE); } } diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 512fb22..84c94f9 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...) { va_list ap; char buf[1024]; + int nalloc; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); + nalloc = args->nalloc; if (args->list == NULL) { - args->nalloc = 32; + nalloc = 32; args->num = 0; - } else if (args->num+2 >= args->nalloc) - args->nalloc *= 2; + } else if (args->num+2 >= nalloc) + nalloc *= 2; - args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); + args->list = xrealloc(args->list, nalloc * sizeof(char *)); + args->nalloc = nalloc; args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } |