common: Use reallocarray instead of realloc as appropriate
authorDaiki Ueno <dueno@redhat.com>
Tue, 8 Aug 2017 12:52:24 +0000 (14:52 +0200)
committerDaiki Ueno <ueno@gnu.org>
Tue, 8 Aug 2017 14:04:40 +0000 (16:04 +0200)
reallocarray is a new POSIX function added in glibc 2.26, with
built-in overflow checks.  Take advantage of that function for
internal array allocation.

common/array.c
common/attrs.c
common/compat.c
common/compat.h
configure.ac

index 185ea2ff1ba61ade5d4bd3503e15f70ce0792729..61244750a65a9c39db250dba6c83df023563ed17 100644 (file)
@@ -49,13 +49,16 @@ maybe_expand_array (p11_array *array,
                return true;
 
 
-       new_allocated = array->allocated * 2;
-       if (new_allocated == 0)
+       if (array->allocated == 0)
                new_allocated = 16;
+       else {
+               return_val_if_fail (SIZE_MAX / array->allocated >= 2, false);
+               new_allocated = array->allocated * 2;
+       }
        if (new_allocated < length)
                new_allocated = length;
 
-       new_memory = realloc (array->elem, new_allocated * sizeof (void*));
+       new_memory = reallocarray (array->elem, new_allocated, sizeof (void*));
        return_val_if_fail (new_memory != NULL, false);
 
        array->elem = new_memory;
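Review bot: The new `return_val_if_fail (SIZE_MAX / array->allocated >= 2, false)` only bounds the doubling if `array->allocated` and `new_allocated` are themselves `size_t`; their declarations are outside the hunk, and if they are a narrower unsigned type the product `array->allocated * 2` wraps in that type long before `SIZE_MAX / allocated` drops below 2, so the guard would never fire. Please confirm the field type, and if it is narrower use its own limit, e.g. `return_val_if_fail (array->allocated <= UINT_MAX / 2, false);` for `unsigned int`, or widen `new_allocated` to `size_t` so the check and the arithmetic agree. The overflow of `new_allocated * sizeof (void*)` is separately covered by reallocarray, so this guard is only about the doubling itself. maybe_expand_array starts outside the hunk.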
index 5a138a876ad7c10d620cc609de06da51a0c1e5a4..aa91891ce74e4b41ed459910c423147fb7e782f7 100644 (file)
@@ -101,12 +101,15 @@ attrs_build (CK_ATTRIBUTE *attrs,
        CK_ULONG at;
        CK_ULONG j;
        CK_ULONG i;
+       size_t length;
 
        /* How many attributes we already have */
        current = p11_attrs_count (attrs);
 
        /* Reallocate for how many we need */
-       attrs = realloc (attrs, (current + count_to_add + 1) * sizeof (CK_ATTRIBUTE));
+       length = current + count_to_add;
+       return_val_if_fail (current <= length && length < SIZE_MAX, NULL);
+       attrs = reallocarray (attrs, length + 1, sizeof (CK_ATTRIBUTE));
        return_val_if_fail (attrs != NULL, NULL);
 
        at = current;
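Review bot: The two-part guard `current <= length && length < SIZE_MAX` is correct but its purpose is not stated; the first half detects wrap-around of `current + count_to_add` and the second leaves room for the `length + 1` terminator slot passed to reallocarray. A comment on the line before it, `/* Detect wrap-around of the sum and leave room for the terminating attribute */`, would keep the next maintainer from "simplifying" it. Note that the sum is evaluated in the type of `current`/`count_to_add` (declared outside the hunk) before being stored in the `size_t length`, so the wrap check relies on a wrapped sum being smaller than `current`, which holds for any unsigned width. attrs_build starts outside the hunk.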
index 692e2ca1ade20e9f07a12aea7fc58c7bee223b0f..31147242b2c38b815b9d128c0fa4943cf1545863 100644 (file)
@@ -487,6 +487,23 @@ strndup (const char *data,
 
 #endif /* HAVE_STRNDUP */
 
+#ifndef HAVE_REALLOCARRAY
+
+void *
+reallocarray (void *ptr,
+             size_t nmemb,
+             size_t size)
+{
+       assert (nmemb > 0 && size > 0);
+       if (SIZE_MAX / nmemb < size) {
+               errno = ENOMEM;
+               return NULL;
+       }
+       return realloc (ptr, nmemb * size);
+}
+
+#endif /* HAVE_MEMDUP */
+
 #ifndef HAVE_STRCONCAT
 
 #include <stdarg.h>
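Review bot: The fallback reallocarray divides by `nmemb` unconditionally, so with `NDEBUG` the `assert (nmemb > 0 && size > 0)` compiles away and `SIZE_MAX / nmemb` is a division by zero for `nmemb == 0`, whereas the platform reallocarray this replaces accepts zero and behaves like `realloc (ptr, 0)`; the shim should match, `if (nmemb != 0 && SIZE_MAX / nmemb < size) {`, with the assert dropped. The closing comment on this block reads `#endif /* HAVE_MEMDUP */` and should be `#endif /* HAVE_REALLOCARRAY */` to match the opening guard. The body also relies on `errno`/`ENOMEM` and `SIZE_MAX`, so compat.c presumably already includes `<errno.h>` and `<stdint.h>` — worth confirming since those includes are not visible in the hunk. A short header comment stating that on overflow the function returns NULL with errno set to ENOMEM and does not free `ptr` would document the contract callers in array.c and attrs.c depend on.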
index b021494dd6bd24be48293ef17c882ca777a41b8e..a9d2fe184ba7bc5221e324461993d1268347200c 100644 (file)
@@ -258,6 +258,14 @@ char *     strndup          (const char *data,
 
 #endif /* HAVE_STRDUP */
 
+#ifndef HAVE_REALLOCARRAY
+
+void *     reallocarray     (void *ptr,
+                             size_t nmemb,
+                             size_t size);
+
+#endif /* HAVE_REALLOCARRAY */
+
 #ifdef HAVE_STDBOOL_H
 #include <stdbool.h>
 #else
index 89e5f993e3d4307c1bac89bbf3986125dd038093..856a37c51ca3faa0de17b93d31036621a70d446e 100644 (file)
@@ -101,6 +101,7 @@ if test "$os_unix" = "yes"; then
        AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp])
        AC_CHECK_FUNCS([getauxval issetugid getresuid secure_getenv])
        AC_CHECK_FUNCS([strnstr memdup strndup strerror_l strerror_r])
+       AC_CHECK_FUNCS([reallocarray])
        AC_CHECK_FUNCS([fdwalk])
        AC_CHECK_FUNCS([setenv])
        AC_CHECK_FUNCS([getpeereid])
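Review bot: `AC_CHECK_FUNCS([reallocarray])` is a link test, so on a libc that exports the symbol but only declares it under a feature macro the build would define HAVE_REALLOCARRAY, suppress the fallback prototype in compat.h, and then call reallocarray without a declaration. If configure.ac does not already enable the system extensions (e.g. via `AC_USE_SYSTEM_EXTENSIONS`, not visible in this hunk), consider pairing the check with `AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]])` and gating the fallback on both results.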