changeset 1365:9aa6cd66b51d fuzz
zlib can use m_malloc/m_free too
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 22 May 2017 22:09:26 +0800 |
parents | 17104db7928c |
children | a91466491d5b |
files | common-kex.c dbmalloc.c dbmalloc.h |
diffstat | 3 files changed, 15 insertions(+), 7 deletions(-) [+] |
--- a/common-kex.c Sun May 21 18:53:44 2017 +0800
+++ b/common-kex.c Mon May 22 22:09:26 2017 +0800
@@ -391,6 +391,14 @@
 && ses.keys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY);
 }
+static void* dropbear_zalloc(void* UNUSED(opaque), uInt items, uInt size) {
+ return m_calloc(items, size);
+}
+
+static void dropbear_zfree(void* UNUSED(opaque), void* ptr) {
+ m_free(ptr);
+}
+
 /* Set up new zlib compression streams, close the old ones. Only
 * called from gen_new_keys() */
 static void gen_new_zstream_recv() {
@@ -399,11 +407,10 @@
 if (ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB || ses.newkeys->recv.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
 ses.newkeys->recv.zstream = (z_streamp)m_malloc(sizeof(z_stream));
- ses.newkeys->recv.zstream->zalloc = Z_NULL;
- ses.newkeys->recv.zstream->zfree = Z_NULL;
+ ses.newkeys->recv.zstream->zalloc = dropbear_zalloc;
+ ses.newkeys->recv.zstream->zfree = dropbear_zfree;
 if (inflateInit(ses.newkeys->recv.zstream) != Z_OK) {
- m_free(ses.newkeys->recv.zstream);
 dropbear_exit("zlib error");
 }
 } else {
@@ -424,8 +431,8 @@
 if (ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB || ses.newkeys->trans.algo_comp == DROPBEAR_COMP_ZLIB_DELAY) {
 ses.newkeys->trans.zstream = (z_streamp)m_malloc(sizeof(z_stream));
- ses.newkeys->trans.zstream->zalloc = Z_NULL;
- ses.newkeys->trans.zstream->zfree = Z_NULL;
+ ses.newkeys->trans.zstream->zalloc = dropbear_zalloc;
+ ses.newkeys->trans.zstream->zfree = dropbear_zfree;
 if (deflateInit2(ses.newkeys->trans.zstream, Z_DEFAULT_COMPRESSION, Z_DEFLATED, DROPBEAR_ZLIB_WINDOW_BITS,
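Review bot: The new hooks `dropbear_zalloc` and `dropbear_zfree` in the first hunk carry no comment saying that they never report an allocation failure back to zlib. The dbmalloc.c hunk of this commit shows `m_calloc` calling `dropbear_exit` on overflow, and `m_malloc` presumably exits on allocation failure as well (its body is not shown), so zlib's own `Z_MEM_ERROR` path is replaced by process exit. A one-line comment above the pair would record that, for example `/* zlib allocator hooks: route zlib memory through m_calloc/m_free; these exit rather than return Z_NULL */`.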
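Review bot: `zstream->opaque` is never assigned in the second hunk, although zlib's documented contract is that `zalloc`, `zfree` and `opaque` are all initialized before `inflateInit`. While `zalloc` was Z_NULL, zlib installed its default allocator and cleared `opaque` itself; with a custom `zalloc` the field keeps whatever `m_malloc` returned, and whether `m_malloc` zero-fills is not visible here. Both hooks ignore the argument, so this is an indeterminate value being passed around rather than a dereference, but it is the kind of read a memory sanitizer would likely report on the fuzz branch. Add `ses.newkeys->recv.zstream->opaque = Z_NULL;` next to the two assignments, and the same for `trans.zstream` in the third hunk before `deflateInit2`.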
--- a/dbmalloc.c Sun May 21 18:53:44 2017 +0800
+++ b/dbmalloc.c Mon May 22 22:09:26 2017 +0800
@@ -77,7 +77,9 @@
 }
 void * m_calloc(size_t nmemb, size_t size) {
- assert(nmemb <= 1000 && size <= 10000);
+ if (SIZE_T_MAX / nmemb < size) {
+ dropbear_exit("m_calloc failed");
+ }
 return m_malloc(nmemb*size);
 }
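Review bot: `SIZE_T_MAX / nmemb` divides by zero when `nmemb` is 0, which is undefined behaviour; the removed assert had no such case. The guard should skip the division for a zero count, `if (nmemb != 0 && SIZE_T_MAX / nmemb < size) {`. With the old 1000/10000 cap gone and zlib now allocating through this function, this check is the only thing standing between caller-supplied counts and the `nmemb*size` multiplication, so the zero case is worth making explicit. Separately, `m_calloc` returns `m_malloc(nmemb*size)` with no zeroing visible in the hunk; it is worth confirming that `m_malloc` zero-fills, since callers of a calloc-style function rely on that.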
--- a/dbmalloc.h Sun May 21 18:53:44 2017 +0800
+++ b/dbmalloc.h Mon May 22 22:09:26 2017 +0800
@@ -4,7 +4,6 @@
 #include "includes.h"
 void * m_malloc(size_t size);
-/* m_calloc is limited in size, enough for libtomcrypt */
 void * m_calloc(size_t nmemb, size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);