From: logan@openbsd.org <logan@openbsd.org>
Date: Mon, 16 Nov 2015 06:13:04 +0000 (+0000)
Subject: upstream commit
X-Git-Tag: V_7_2_P1~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db6f8dc5dd5655b59368efd074994d4568bc3556;p=thirdparty%2Fopenssh-portable.git

upstream commit

1) Use xcalloc() instead of xmalloc() to check for
 potential overflow.    (Feedback from both mmcc@ and djm@) 2) move set_size
 just before the for loop. (suggested by djm@)

OK djm@

Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
---

diff --git a/sftp-server.c b/sftp-server.c
index eac11d7e6..62e76a505 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.108 2015/11/16 06:13:04 logan Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -1631,9 +1631,8 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 	if ((oqueue = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 
-	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
-	rset = xmalloc(set_size);
-	wset = xmalloc(set_size);
+	rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
+	wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
 
 	if (homedir != NULL) {
 		if (chdir(homedir) != 0) {
@@ -1642,6 +1641,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 		}
 	}
 
+	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
 	for (;;) {
 		memset(rset, 0, set_size);
 		memset(wset, 0, set_size);