summaryrefslogtreecommitdiff
path: root/ssh-rsa.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2006-03-26 14:22:47 +1100
committerDamien Miller <djm@mindrot.org>2006-03-26 14:22:47 +1100
commit36812092ecb11a25ca9d6d87fdeaf53e371c5043 (patch)
tree257ccc18998146f7f6e6c25cbb0ff9bd6de946a5 /ssh-rsa.c
parent07d86bec5eeaf19fe33dca99c8ebcbe9a77c3938 (diff)
- djm@cvs.openbsd.org 2006/03/25 01:13:23
[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
Diffstat (limited to 'ssh-rsa.c')
-rw-r--r--ssh-rsa.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssh-rsa.c b/ssh-rsa.c
index ce4195fe..55fb7ba5 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -144,7 +144,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
u_int diff = modlen - len;
debug("ssh_rsa_verify: add padding: modlen %u > len %u",
modlen, len);
- sigblob = xrealloc(sigblob, modlen);
+ sigblob = xrealloc(sigblob, 1, modlen);
memmove(sigblob + diff, sigblob, len);
memset(sigblob, 0, diff);
len = modlen;