calloc: Use calloc() at most places
This modifies most of the places we do some form of:
X = malloc(Y * Z);
to use calloc(Y, Z) instead.
Among other issues, this fixes:
- allocation of integer overflow in grub_png_decode_image_header()
reported by Chris Coulson,
- allocation of integer overflow in luks_recover_key()
reported by Chris Coulson,
- allocation of integer overflow in grub_lvm_detect()
reported by Chris Coulson.
Fixes: CVE-2020-14308
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Peter Jones
Daniel Kiper
parent
64e26162eb
commit
f725fa7cb2
87 changed files with 179 additions and 178 deletions
|
|
@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
|
|||
gcry_mpi_t mpi;
|
||||
char *label;
|
||||
|
||||
data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
|
||||
data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new));
|
||||
if (! data_mpis_new)
|
||||
{
|
||||
err = gcry_error_from_errno (errno);
|
||||
|
|
@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
|
|||
}
|
||||
|
||||
/* Add MPI list. */
|
||||
arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
|
||||
arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list));
|
||||
if (! arg_list)
|
||||
{
|
||||
err = gcry_error_from_errno (errno);
|
||||
|
|
@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags,
|
|||
/* We build a list of arguments to pass to
|
||||
gcry_sexp_build_array(). */
|
||||
data_length = _gcry_ac_data_length (data);
|
||||
arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
|
||||
arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2);
|
||||
if (! arg_list)
|
||||
{
|
||||
err = gcry_error_from_errno (errno);
|
||||
|
|
@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
|
|||
arg_list_n += 2;
|
||||
|
||||
/* Allocate list. */
|
||||
arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
|
||||
arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list));
|
||||
if (! arg_list)
|
||||
{
|
||||
err = gcry_error_from_errno (errno);
|
||||
|
|
|
|||
|
|
@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor,
|
|||
}
|
||||
|
||||
/* Allocate an array to track pool usage. */
|
||||
pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
|
||||
pool_in_use = gcry_calloc (n, sizeof *pool_in_use);
|
||||
if (!pool_in_use)
|
||||
{
|
||||
err = gpg_err_code_from_errno (errno);
|
||||
|
|
@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel,
|
|||
if (nbits < 16)
|
||||
log_fatal ("can't generate a prime with less than %d bits\n", 16);
|
||||
|
||||
mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
|
||||
mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods);
|
||||
/* Make nbits fit into gcry_mpi_t implementation. */
|
||||
val_2 = mpi_alloc_set_ui( 2 );
|
||||
val_3 = mpi_alloc_set_ui( 3);
|
||||
|
|
|
|||
|
|
@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
|
|||
* array to a format string, so we have to do it this way :-(. */
|
||||
/* FIXME: There is now such a format specifier, so we can
|
||||
change the code to be more clear. */
|
||||
arg_list = malloc (nelem * sizeof *arg_list);
|
||||
arg_list = calloc (nelem, sizeof *arg_list);
|
||||
if (!arg_list)
|
||||
{
|
||||
rc = gpg_err_code_from_syserror ();
|
||||
|
|
@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
|
|||
}
|
||||
strcpy (p, "))");
|
||||
|
||||
arg_list = malloc (nelem * sizeof *arg_list);
|
||||
arg_list = calloc (nelem, sizeof *arg_list);
|
||||
if (!arg_list)
|
||||
{
|
||||
rc = gpg_err_code_from_syserror ();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue