user/5068: realloc -> calloc in ntp.c

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

user/5068: realloc -> calloc in ntp.c

Alexander Farber
>Number:         5068
>Category:       user
>Synopsis:       Use calloc() instead of realloc() in ntp.c
>Confidential:   yes
>Severity:       non-critical
>Priority:       medium
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:      
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 04 08:50:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     A. Farber
>Release:        -current
>Organization:
net
>Environment:
       
        System      : OpenBSD 3.9
        Architecture: OpenBSD.i386
        Machine     : i386
>Description:
        Use calloc() instead of realloc() in /usr/src/usr.sbin/ntpd/ntp.c to prevent an integer overflow

>How-To-Repeat:
        n/a
>Fix:

--- ntp.c.OLD Tue Apr  4 11:12:51 2006
+++ ntp.c Tue Apr  4 11:21:49 2006
@@ -75,7 +75,6 @@
  struct timespec tp;
  struct stat stb;
  time_t nextaction;
- void *newp;
 
  switch (pid = fork()) {
  case -1:
@@ -154,32 +153,29 @@
 
  while (ntp_quit == 0) {
  if (peer_cnt > idx2peer_elms) {
- if ((newp = realloc(idx2peer, sizeof(void *) *
-    peer_cnt)) == NULL) {
+ free(idx2peer);
+ if ((idx2peer = calloc(peer_cnt, sizeof(*idx2peer)))
+    == NULL) {
  /* panic for now */
  log_warn("could not resize idx2peer from %u -> "
     "%u entries", idx2peer_elms, peer_cnt);
  fatalx("exiting");
  }
- idx2peer = newp;
  idx2peer_elms = peer_cnt;
  }
 
  new_cnt = PFD_MAX + peer_cnt + listener_cnt;
  if (new_cnt > pfd_elms) {
- if ((newp = realloc(pfd, sizeof(struct pollfd) *
-    new_cnt)) == NULL) {
+ free(pfd);
+ if ((pfd = calloc(new_cnt, sizeof(*pfd))) == NULL) {
  /* panic for now */
  log_warn("could not resize pfd from %u -> "
     "%u entries", pfd_elms, new_cnt);
  fatalx("exiting");
  }
- pfd = newp;
  pfd_elms = new_cnt;
  }
 
- bzero(pfd, sizeof(struct pollfd) * pfd_elms);
- bzero(idx2peer, sizeof(void *) * idx2peer_elms);
  nextaction = time(NULL) + 3600;
  pfd[PFD_PIPE_MAIN].fd = ibuf_main->fd;
  pfd[PFD_PIPE_MAIN].events = POLLIN;


>Release-Note:
>Audit-Trail:
>Unformatted: