From d3e387eb9c38650a0698bbaf39a0621027f92c45 Mon Sep 17 00:00:00 2001 From: David Oberhollenzer Date: Sun, 25 Aug 2019 13:47:08 +0200 Subject: Size accounting + alloc() overflow checking, round #3 Signed-off-by: David Oberhollenzer --- lib/fstree/xattr.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) (limited to 'lib') diff --git a/lib/fstree/xattr.c b/lib/fstree/xattr.c index 449ef45..c37c734 100644 --- a/lib/fstree/xattr.c +++ b/lib/fstree/xattr.c @@ -7,10 +7,12 @@ #include "config.h" #include "fstree.h" +#include "util.h" #include #include #include +#include static void remove_from_list(fstree_t *fs, tree_xattr_t *xattr) { @@ -34,24 +36,31 @@ static tree_xattr_t *grow_xattr_block(tree_xattr_t *xattr) void *new; if (xattr != NULL) { - new_count = xattr->max_attr * 2; + if (SZ_MUL_OV(xattr->max_attr, 2, &new_count)) + goto fail_ov; old_size = sizeof(*xattr) + sizeof(uint64_t) * xattr->max_attr; } - new_size = sizeof(*xattr) + sizeof(uint64_t) * new_count; - new = realloc(xattr, new_size); - - if (new == NULL) { - perror("adding extended attributes"); - free(xattr); - return NULL; + if (SZ_MUL_OV(sizeof(uint64_t), new_count, &new_size) || + SZ_ADD_OV(sizeof(*xattr), new_size, &new_size)) { + goto fail_ov; } + new = realloc(xattr, new_size); + if (new == NULL) + goto fail; + memset((char *)new + old_size, 0, new_size - old_size); xattr = new; xattr->max_attr = new_count; return xattr; +fail_ov: + errno = EOVERFLOW; +fail: + perror("adding extended attributes"); + free(xattr); + return NULL; } int fstree_add_xattr(fstree_t *fs, tree_node_t *node, -- cgit v1.2.3