From b5120bbada1620593d9ea721ca733a0f3cda3c6d Mon Sep 17 00:00:00 2001 From: "Pedro F. Giffuni" Date: Mon, 6 Mar 2017 15:45:46 +0000 Subject: [PATCH] libpam: extra bounds checking through reallocarray(3). Reviewed by: des MFC after: 1 week --- lib/libpam/modules/pam_exec/pam_exec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c index d43d181f31e..3cc1c33854c 100644 --- a/lib/libpam/modules/pam_exec/pam_exec.c +++ b/lib/libpam/modules/pam_exec/pam_exec.c @@ -138,7 +138,7 @@ _pam_exec(pam_handle_t *pamh __unused, nitems = sizeof(env_items) / sizeof(*env_items); /* Count PAM return values put in the environment. */ nitems_rv = options->return_prog_exit_status ? PAM_RV_COUNT : 0; - tmp = realloc(envlist, (envlen + nitems + 1 + nitems_rv + 1) * + tmp = reallocarray(envlist, envlen + nitems + 1 + nitems_rv + 1, sizeof(*envlist)); if (tmp == NULL) { openpam_free_envlist(envlist);