292650f04c2b5348b4efbad61fb014ed09b4f3f2 - pub/scm/libs/klibc/klibc

commit	292650f04c2b5348b4efbad61fb014ed09b4f3f2	[log] [tgz]
author	Ben Hutchings <ben@decadent.org.uk>	Wed Apr 28 04:29:50 2021 +0200
committer	Ben Hutchings <ben@decadent.org.uk>	Thu Apr 29 16:02:20 2021 +0200
tree	d7fa3f8844d87766943104120b39da471d4d9be0
parent	a31ae8c508fc8d1bca4f57e9f9f88127572d5202 [diff]

[klibc] calloc: Fail if multiplication overflows

calloc() multiplies its 2 arguments together and passes the result to
malloc().  Since the factors and product both have type size_t, this
can result in an integer overflow and subsequent buffer overflow.
Check for this and fail if it happens.

CVE-2021-31870

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

usr/klibc/calloc.c[diff]

1 file changed

tree: d7fa3f8844d87766943104120b39da471d4d9be0

contrib/
klcc/
scripts/
usr/
.gitignore
defconfig
git-rm-for-kernel.sh
Kbuild
klibc.spec.in
Makefile
README