nightmaremail


commit 0cbc0ef8319a4b077cf1abc93c498d53eecb68ef
parent b105c46dd05027f2cdb551e721253b3b8319ba16
Author: Rolf Eike Beer <eike@sf-mail.de>
Date:   Tue, 12 May 2020 20:03:47 +0200

fix possible overflows in array allocation length calculations

Passing this memory later to alloc_free() is fine as that will detect that it's
not from the static pool and pass it on to the normal memory management
functions.

Diffstat:
Mqmail-local.c | 3++-
Mqmail-pop3d.c | 3++-
2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/qmail-local.c b/qmail-local.c
@@ -1,5 +1,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <stdlib.h>
 #include "readwrite.h"
 #include "sig.h"
 #include "env.h"
@@ -633,7 +634,7 @@ char **argv;
 i = j + 1;
 }
- recips = (char **) alloc((numforward + 1) * sizeof(char *));
+ recips = calloc(numforward + 1, sizeof(char *));
 if (!recips) temp_nomem();
 numforward = 0;
diff --git a/qmail-pop3d.c b/qmail-pop3d.c
@@ -1,5 +1,6 @@
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <stdlib.h>
 #include <unistd.h>
 #include "commands.h"
 #include "sig.h"
@@ -139,7 +140,7 @@ void getlist()
 if (maildir_scan(&pq,&filenames,1,1) == -1) die_scan();
 numm = pq.p ? pq.len : 0;
- m = (struct message *) alloc(numm * sizeof(struct message));
+ m = calloc(numm, sizeof(struct message));
 if (!m) die_nomem();
 for (i = 0;i < numm;++i) {
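Review bot: The sum `numforward + 1` in the new `calloc(numforward + 1, sizeof(char *))` call is still evaluated before calloc() can check anything, so this change protects only the multiplication. The declaration of numforward is outside the hunk; if it is a signed int, incrementing it at INT_MAX is undefined behaviour, and a wrapped count could yield an undersized buffer that still passes the `if (!recips)` test. A guard ahead of the call, for example `if (numforward >= INT_MAX) temp_nomem();` with `<limits.h>`, would close that gap. A short comment such as `/* calloc(): rejects count * size overflow, unlike alloc() */` would also keep the call from being converted back later. The enclosing function starts and ends outside the hunk.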
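Review bot: In the qmail-pop3d.c hunk, `numm = pq.p ? pq.len : 0;` allows `calloc(numm, sizeof(struct message))` to be called with a zero count, and the C standard permits calloc() to return NULL in that case. On such a libc an empty maildir would reach `die_nomem()` even though no allocation actually failed. Whether the replaced alloc() behaved the same way for size 0 is not visible here. Testing `if (!m && numm) die_nomem();` keeps the out-of-memory exit for real failures only. getlist() continues past the end of the hunk.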