diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2009-04-22 14:07:14 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2009-04-22 14:07:14 +0000 |
commit | 57895cdc764809ad29336431ee6b43c68fe15f15 (patch) | |
tree | ee06066b1e128e876793d149c7f3c844851f69a8 /lib/libc/db/mpool/mpool.c | |
parent | cff0c03ef7b93d6ab09a8ce2ab009348e5c7aecd (diff) | |
download | src-57895cdc764809ad29336431ee6b43c68fe15f15.tar.gz src-57895cdc764809ad29336431ee6b43c68fe15f15.zip |
Don't leak information via uninitialized space in db(3) records. [09:07]releng/7.0
Sanity-check string lengths in order to stop OpenSSL crashing
when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc
Security: FreeBSD-SA-09:08.openssl
Security: CVE-2009-0590
Approved by: re (kensmith)
Approved by: so (cperciva)
Notes
Notes:
svn path=/releng/7.0/; revision=191381
Diffstat (limited to 'lib/libc/db/mpool/mpool.c')
-rw-r--r-- | lib/libc/db/mpool/mpool.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libc/db/mpool/mpool.c b/lib/libc/db/mpool/mpool.c index aedf1fd0115f..24860b2043bd 100644 --- a/lib/libc/db/mpool/mpool.c +++ b/lib/libc/db/mpool/mpool.c @@ -343,7 +343,7 @@ mpool_bkt(mp) return (bp); } -new: if ((bp = (BKT *)malloc(sizeof(BKT) + mp->pagesize)) == NULL) +new: if ((bp = (BKT *)calloc(1, sizeof(BKT) + mp->pagesize)) == NULL) return (NULL); #ifdef STATISTICS ++mp->pagealloc; |