git: 40d216183821 - main - cron: Use reallocarray() to prevent integer overflow
Date: Mon, 03 Nov 2025 06:16:50 UTC
The branch main has been updated by delphij:
URL: https://cgit.FreeBSD.org/src/commit/?id=40d21618382108fefa84f8576b14302f65452718
commit 40d21618382108fefa84f8576b14302f65452718
Author: Xin LI <delphij@FreeBSD.org>
AuthorDate: 2025-11-03 05:59:46 +0000
Commit: Xin LI <delphij@FreeBSD.org>
CommitDate: 2025-11-03 05:59:46 +0000
cron: Use reallocarray() to prevent integer overflow
Apply OpenBSD env.c,v 1.24 and 1.25, which replaces manual size
calculations with reallocarray() to prevent possible integer
overflow.
MFC after: 3 days
---
usr.sbin/cron/lib/env.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/cron/lib/env.c b/usr.sbin/cron/lib/env.c
index 287dd8636293..5a2d7ad60756 100644
--- a/usr.sbin/cron/lib/env.c
+++ b/usr.sbin/cron/lib/env.c
@@ -55,7 +55,7 @@ env_copy(char **envp)
for (count = 0; envp[count] != NULL; count++)
;
- p = (char **) malloc((count+1) * sizeof(char *)); /* 1 for the NULL */
+ p = (char **) reallocarray(NULL, count+1, sizeof(char *)); /* 1 for the NULL */
if (p == NULL) {
errno = ENOMEM;
return NULL;
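Review bot: in env_copy(), the overflow check inside reallocarray() covers only the product of its two size arguments, while `count+1` is evaluated by the caller before the call, so that addition is not protected by this change. The declaration of count is outside the hunk; if it is a signed int, it is worth confirming that it cannot reach its maximum in the counting loop above, or switching it to size_t. Separately, the explicit `errno = ENOMEM;` in the failure branch is now redundant, because reallocarray() sets errno to ENOMEM itself on both overflow and allocation failure, and with the trailing comment the changed line is 79 characters before indentation, so it runs past 80 columns once indented; moving `/* 1 for the NULL */` to its own line would fix that.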
@@ -112,8 +112,7 @@ env_set(char **envp, char *envstr)
* one, save our string over the old null pointer, and return resized
* array.
*/
- p = (char **) realloc((void *) envp,
- (unsigned) ((count+1) * sizeof(char *)));
+ p = (char **) reallocarray(envp, count+1, sizeof(char *));
if (p == NULL) {
/* XXX env_free(envp); */
errno = ENOMEM;
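Review bot: in env_set()'s failure branch the `/* XXX env_free(envp); */` marker is carried over unchanged, and reallocarray(), like realloc(), leaves the original envp block allocated when it returns NULL, so who frees envp on this path is still undocumented. Either resolve the XXX or add a comment stating that the caller keeps ownership of envp on failure. The commit message could also mention that the old `(unsigned)` cast on the size is dropped here: on platforms where unsigned is narrower than size_t that cast truncated the byte count, which is a second fix beyond the multiplication check. As in env_copy(), `count+1` is computed before the call and is not covered by reallocarray()'s check.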