upstream commit

1) Use xcalloc() instead of xmalloc() to check for potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size just before the for loop. (suggested by djm@) OK djm@ Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
2025-01-29 13:12:48 +00:00 · 2015-11-16 06:13:04 +00:00 · 2015-11-16 06:13:04 +00:00 · db6f8dc5dd
commit db6f8dc5dd
parent 383f10fb84
1 changed files with 4 additions and 4 deletions
--- a/sftp-server.c
+++ b/sftp-server.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.108 2015/11/16 06:13:04 logan Exp $ */
 /*
 * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
 *
@ -1631,9 +1631,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 	if ((oqueue = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);

-	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
-	rset = xmalloc(set_size);
-	wset = xmalloc(set_size);
+	rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
+	wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));

 	if (homedir != NULL) {
 		if (chdir(homedir) != 0) {
@ -1642,6 +1641,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 		}
 	}

+	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
 	for (;;) {
 		memset(rset, 0, set_size);
 		memset(wset, 0, set_size);