git: c23a589aa145 - stable/14 - cron: Use reallocarray() to prevent integer overflow
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 06 Nov 2025 07:13:02 UTC
The branch stable/14 has been updated by delphij:
URL: https://cgit.FreeBSD.org/src/commit/?id=c23a589aa145d2f14e7141601fec1b38bce9a6bd
commit c23a589aa145d2f14e7141601fec1b38bce9a6bd
Author: Xin LI <delphij@FreeBSD.org>
AuthorDate: 2025-11-03 05:59:46 +0000
Commit: Xin LI <delphij@FreeBSD.org>
CommitDate: 2025-11-06 07:12:52 +0000
cron: Use reallocarray() to prevent integer overflow
Apply OpenBSD env.c,v 1.24 and 1.25, which replaces manual size
calculations with reallocarray() to prevent possible integer
overflow.
(cherry picked from commit 40d21618382108fefa84f8576b14302f65452718)
---
usr.sbin/cron/lib/env.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/cron/lib/env.c b/usr.sbin/cron/lib/env.c
index 36c5fca12117..b4dcf4ac5325 100644
--- a/usr.sbin/cron/lib/env.c
+++ b/usr.sbin/cron/lib/env.c
@@ -58,7 +58,7 @@ env_copy(char **envp)
for (count = 0; envp[count] != NULL; count++)
;
- p = (char **) malloc((count+1) * sizeof(char *)); /* 1 for the NULL */
+ p = (char **) reallocarray(NULL, count+1, sizeof(char *)); /* 1 for the NULL */
if (p == NULL) {
errno = ENOMEM;
return NULL;
@@ -115,8 +115,7 @@ env_set(char **envp, char *envstr)
* one, save our string over the old null pointer, and return resized
* array.
*/
- p = (char **) realloc((void *) envp,
- (unsigned) ((count+1) * sizeof(char *)));
+ p = (char **) reallocarray(envp, count+1, sizeof(char *));
if (p == NULL) {
/* XXX env_free(envp); */
errno = ENOMEM;