- markus@cvs.openbsd.org 2002/11/05 19:45:20

[monitor.c] handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
2002-11-09 15:47:47 +00:00 · 2002-11-09 15:47:47 +00:00 · 41ee2b0d77
parent 9bda7ae4c6
commit 41ee2b0d77
2 changed files with 6 additions and 3 deletions
--- a/5
+++ b/5
@ -16,6 +16,9 @@
   - markus@cvs.openbsd.org 2002/11/04 10:09:51
     [packet.c]
     log before send disconnect; ok djm@
+   - markus@cvs.openbsd.org 2002/11/05 19:45:20
+     [monitor.c]
+     handle overflows for size_t larger than u_int; siw@goneko.de, bug #425

 20021021
 - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from 
@ -793,4 +796,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

-$Id: ChangeLog,v 1.2504 2002/11/09 15:46:24 mouring Exp $
+$Id: ChangeLog,v 1.2505 2002/11/09 15:47:47 mouring Exp $
--- a/monitor.c
+++ b/monitor.c
@ -25,7 +25,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.30 2002/11/05 19:45:20 markus Exp $");

 #include <openssl/dh.h>

@ -1551,7 +1551,7 @@ mm_get_keystate(struct monitor *pmonitor)
 void *
 mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
 {
-	size_t len = size * ncount;
+	size_t len = (size_t) size * ncount;
 	void *address;

 	if (len == 0 || ncount > SIZE_T_MAX / size)