Correct more cases of allocation size bookkeeping being updated before

calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com>
2003-09-17 14:36:14 +00:00 · 2003-09-17 14:36:14 +00:00 · 454412956c
commit 454412956c
parent 8947bcb756
2 changed files with 9 additions and 6 deletions
--- a/crypto/openssh/deattack.c
+++ b/crypto/openssh/deattack.c
@ -100,12 +100,12 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)

 	if (h == NULL) {
 		debug("Installing crc compensation attack detector.");
+		h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
 		n = l;
-		h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
 	} else {
 		if (l > n) {
+			h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
 			n = l;
-			h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
 		}
 	}

--- a/crypto/openssh/misc.c
+++ b/crypto/openssh/misc.c
@ -308,18 +308,21 @@ addargs(arglist *args, char *fmt, ...)
 {
 	va_list ap;
 	char buf[1024];
+	int nalloc;

 	va_start(ap, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);

+	nalloc = args->nalloc;
 	if (args->list == NULL) {
-		args->nalloc = 32;
+		nalloc = 32;
 		args->num = 0;
-	} else if (args->num+2 >= args->nalloc)
-		args->nalloc *= 2;
+	} else if (args->num+2 >= nalloc)
+		nalloc *= 2;

-	args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
+	args->list = xrealloc(args->list, nalloc * sizeof(char *));
+	args->nalloc = nalloc;
 	args->list[args->num++] = xstrdup(buf);
 	args->list[args->num] = NULL;
 }