authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 20:10:18 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-07-17 20:10:18 +0000
commit8e986316d9ad74f0837be34db4d120e596a331f0 (patch)
tree911188c502dc1d58e1e31b6395c0a570652a6ac5 /buffer.c
parentRemoved old version of extract_x509_field. (diff)
Check for multiplication overflow on ALLOC_ARRAY* functions.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3068 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'buffer.c')
-rw-r--r--buffer.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/buffer.c b/buffer.c
index 08f0656..c71cd86 100644
--- a/buffer.c
+++ b/buffer.c
@@ -32,6 +32,16 @@
#include "memdbg.h"
+size_t
+array_mult_safe (const size_t m1, const size_t m2)
+{
+ const unsigned long long limit = 0xFFFFFFFF;
+ unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2;
+ if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(res > limit))
+ msg (M_FATAL, "attemped allocation of excessively large array");
+ return (size_t) res;
+}
+
struct buffer
#ifdef DMALLOC
alloc_buf_debug (size_t size, const char *file, int line)
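Review bot: The bound in `array_mult_safe` accepts a product of exactly 0xFFFFFFFF, which equals SIZE_MAX on a 32-bit build, so the check leaves no headroom. If any ALLOC_ARRAY* caller (none are visible in this hunk) adds a header or terminator to the returned size before allocating, that addition can still wrap. Consider a lower cap, or fold the addend into the checked value with a third parameter `extra` that is itself tested against `limit`: `res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra;`. The function also depends on `msg (M_FATAL, ...)` not returning, because the next line truncates `res` to `size_t`; a comment such as `/* M_FATAL does not return, so res <= limit here */` would make that explicit. The message string has a typo, `attemped` for `attempted`.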