search for: malloc_ai

...at/fake-rfc2553.c openssh-sshfp/openbsd-compat/fake-rfc2553.c --- openssh/openbsd-compat/fake-rfc2553.c 2008-07-14 13:37:37.000000000 +0200 +++ openssh-sshfp/openbsd-compat/fake-rfc2553.c 2010-11-28 12:01:24.574267973 +0100 @@ -121,15 +121,23 @@ #ifndef HAVE_GETADDRINFO static struct -addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) +addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints, + const char *canonname) { struct addrinfo *ai; + int len = sizeof(*ai) + sizeof(struct sockaddr_in); + int canonlen = 0; - ai = malloc(sizeof(*ai) + sizeof(struct...

...= NULL) { memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); ai->ai_addr = (struct sockaddr *)(ai + 1); /* XXX -- ssh doesn't use sa_len */ @@ -83,25 +83,27 @@ else port = 0; if (hints && hints->ai_flags & AI_PASSIVE) - if (*res = malloc_ai(port, htonl(0x00000000))) + if ((*res = malloc_ai(port, htonl(0x00000000))) != NULL) return 0; else return EAI_MEMORY; - if (!hostname) - if (*res = malloc_ai(port, htonl(0x7f000001))) + if (!hostname) { + if ((*res = malloc_ai(port, htonl(0x7f000001))) != NULL)...

...= NULL) { memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); ai->ai_addr = (struct sockaddr *)(ai + 1); /* XXX -- ssh doesn't use sa_len */ @@ -83,25 +83,27 @@ else port = 0; if (hints && hints->ai_flags & AI_PASSIVE) - if (*res = malloc_ai(port, htonl(0x00000000))) + if ((*res = malloc_ai(port, htonl(0x00000000))) != NULL) return 0; else return EAI_MEMORY; - if (!hostname) - if (*res = malloc_ai(port, htonl(0x7f000001))) + if (!hostname) { + if ((*res = malloc_ai(port, htonl(0x7f000001))) != NULL)...

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));