strv: add an additional overflow check when enlarging strv()s

author Lennart Poettering <lennart@poettering.net>

Tue, 21 Oct 2014 12:01:28 +0000 (14:01 +0200)

committer Lennart Poettering <lennart@poettering.net>

Tue, 21 Oct 2014 12:01:28 +0000 (14:01 +0200)
author Lennart Poettering <lennart@poettering.net>
Tue, 21 Oct 2014 12:01:28 +0000 (14:01 +0200)
committer Lennart Poettering <lennart@poettering.net>
Tue, 21 Oct 2014 12:01:28 +0000 (14:01 +0200)
diff --git a/src/shared/strv.c b/src/shared/strv.c

index 0df978d23b911f53be7e7c597e01c8b26c28a2a6..efa648df88c1a0857fb9a61c40661e2a69cdf3f6 100644 (file)
--- a/src/shared/strv.c
+++ b/src/shared/strv.c
@@ -380,13 +380,19 @@ char *strv_join_quoted(char **l) {
  
  int strv_push(char ***l, char *value) {
          char **c;
-        unsigned n;
+        unsigned n, m;
  
          if (!value)
                  return 0;
  
          n = strv_length(*l);
-        c = realloc(*l, sizeof(char*) * (n + 2));
+
+        /* increase and check for overflow */
+        m = n + 2;
+        if (m < n)
+                return -ENOMEM;
+
+        c = realloc(*l, sizeof(char*) * (size_t) m);
          if (!c)
                  return -ENOMEM;
  
@@ -399,13 +405,19 @@ int strv_push(char ***l, char *value) {
  
  int strv_push_prepend(char ***l, char *value) {
          char **c;
-        unsigned n, i;
+        unsigned n, m, i;
  
          if (!value)
                  return 0;
  
          n = strv_length(*l);
-        c = new(char*, n + 2);
+
+        /* increase and check for overflow */
+        m = n + 2;
+        if (m < n)
+                return -ENOMEM;
+
+        c = new(char*, m);
          if (!c)
                  return -ENOMEM;
author	Lennart Poettering <lennart@poettering.net>
	Tue, 21 Oct 2014 12:01:28 +0000 (14:01 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 21 Oct 2014 12:01:28 +0000 (14:01 +0200)