diff options
author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-09-17 14:36:14 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-09-17 14:36:14 +0000 |
commit | 454412956c9191084e9312726d20adee8f02323c (patch) | |
tree | 654d904875f0c962dcf10e4f5525cf53192475e6 /crypto | |
parent | 8947bcb7563b1a4e31be4bd15c07393000b6089f (diff) | |
download | src-454412956c9191084e9312726d20adee8f02323c.tar.gz src-454412956c9191084e9312726d20adee8f02323c.zip |
Correct more cases of allocation size bookkeeping being updated before
calling functions which can potentially fail and cause cleanups to be
invoked.
Submitted by: Solar Designer <solar@openwall.com>
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=120161
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssh/deattack.c | 4 | ||||
-rw-r--r-- | crypto/openssh/misc.c | 11 |
2 files changed, 9 insertions, 6 deletions
diff --git a/crypto/openssh/deattack.c b/crypto/openssh/deattack.c index 0442501e7a17..7bf2749fceb3 100644 --- a/crypto/openssh/deattack.c +++ b/crypto/openssh/deattack.c @@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV) if (h == NULL) { debug("Installing crc compensation attack detector."); + h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE); } else { if (l > n) { + h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE); n = l; - h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE); } } diff --git a/crypto/openssh/misc.c b/crypto/openssh/misc.c index 512fb22fbe5a..84c94f9b63b8 100644 --- a/crypto/openssh/misc.c +++ b/crypto/openssh/misc.c @@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...) { va_list ap; char buf[1024]; + int nalloc; va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); + nalloc = args->nalloc; if (args->list == NULL) { - args->nalloc = 32; + nalloc = 32; args->num = 0; - } else if (args->num+2 >= args->nalloc) - args->nalloc *= 2; + } else if (args->num+2 >= nalloc) + nalloc *= 2; - args->list = xrealloc(args->list, args->nalloc * sizeof(char *)); + args->list = xrealloc(args->list, nalloc * sizeof(char *)); + args->nalloc = nalloc; args->list[args->num++] = xstrdup(buf); args->list[args->num] = NULL; } |