tload: Prevent integer overflows of ncols, nrows, and scr_size.

Also, use xerrx() instead of xerr() since errno is not set.
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 4c346cf594
commit 031bc56f65

View File

@ -43,6 +43,7 @@
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <termios.h> #include <termios.h>
#include <unistd.h> #include <unistd.h>
#include <limits.h>
static char *screen; static char *screen;
@ -70,9 +71,13 @@ static void setsize(int i)
if (win.ws_row > 0) if (win.ws_row > 0)
nrows = win.ws_row; nrows = win.ws_row;
} }
if (ncols < 2 || ncols >= INT_MAX)
xerrx(EXIT_FAILURE, _("screen too small or too large"));
if (nrows < 2 || nrows >= INT_MAX / ncols)
xerrx(EXIT_FAILURE, _("screen too small or too large"));
scr_size = nrows * ncols; scr_size = nrows * ncols;
if (scr_size < 2) if (scr_size < 2)
xerr(EXIT_FAILURE, _("screen too small")); xerrx(EXIT_FAILURE, _("screen too small"));
if (screen == NULL) if (screen == NULL)
screen = (char *)xmalloc(scr_size); screen = (char *)xmalloc(scr_size);
else else