From d5ff07b33ce99328c7c19bd3201c0928c950d45b Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 4 Apr 2005 11:29:45 +0000
Subject: (_assuan_calloc): Avoid integer overflow.

---
 src/ChangeLog     |  4 ++++
 src/assuan-util.c | 17 ++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 3e04b78..b74f0a1 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2005-04-04  Werner Koch  <wk@g10code.com>
+
+	* assuan-util.c (_assuan_calloc): Avoid integer overflow.
+
 2005-03-22  Werner Koch  <wk@g10code.com>
 
 	* assuan-defs.h (struct assuan_io): Renamed elements READ and
diff --git a/src/assuan-util.c b/src/assuan-util.c
index 43fa91e..2c9299a 100644
--- a/src/assuan-util.c
+++ b/src/assuan-util.c
@@ -1,5 +1,5 @@
 /* assuan-util.c - Utility functions for Assuan 
- * Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
  *
  * This file is part of Assuan.
  *
@@ -23,6 +23,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <ctype.h>
+#include <errno.h>
 
 #include "assuan-defs.h"
 
@@ -55,9 +56,19 @@ _assuan_realloc (void *a, size_t n)
 void *
 _assuan_calloc (size_t n, size_t m)
 {
-  void *p = _assuan_malloc (n*m);
+  void *p;
+  size_t nbytes;
+    
+  nbytes = n * m;
+  if (m && nbytes / m != n) 
+    {
+      errno = ENOMEM;
+      return NULL;
+    }
+
+  p = _assuan_malloc (nbytes);
   if (p)
-    memset (p, 0, n* m);
+    memset (p, 0, nbytes);
   return p;
 }
 
-- 
cgit v1.2.3