authormichael-grunder <michael.grunder@gmail.com>2021-10-07 14:47:11 -0700
committerMichael Grunder <michael.grunder@gmail.com>2021-10-10 11:13:23 -0700
commite489846b7226958718ae91fa0c4999b420c706e2 (patch)
tree1df0ad3283eb91e06b84ca6546f33856f01ce031 /alloc.h
parent51c740824be0a604d931bdc6738a74f1ee0abb36 (diff)
Minor refactor of CVE-2021-32765 fix.
Since `hi_calloc` always passes through one of our wrapper functions, we can perform this overflow check in the wrapper, and get protection everywhere. Previous commit: 76a7b10005c70babee357a7d0f2becf28ec7ed1e Related vuln ID: CVE-2021-32765 [Full Details](https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2)
Diffstat (limited to 'alloc.h')
-rw-r--r--alloc.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/alloc.h b/alloc.h
index 34a05f4..771f9fe 100644
--- a/alloc.h
+++ b/alloc.h
@@ -32,6 +32,7 @@
#define HIREDIS_ALLOC_H
#include <stddef.h> /* for size_t */
+#include <stdint.h>
#ifdef __cplusplus
extern "C" {
@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
}
static inline void *hi_calloc(size_t nmemb, size_t size) {
+ /* Overflow check as the user can specify any arbitrary allocator */
+ if (SIZE_MAX / size < nmemb)
+ return NULL;
+
return hiredisAllocFns.callocFn(nmemb, size);
}
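Review bot: The added guard in hi_calloc divides by `size` before knowing it is nonzero, so a call with `size == 0` evaluates `SIZE_MAX / 0`, which is undefined behaviour (commonly a SIGFPE) instead of a clean result. Testing the divisor first keeps the overflow protection and lets zero-size requests reach the allocator as before: `if (size != 0 && nmemb > SIZE_MAX / size)` followed by `return NULL;`. Whether any in-tree caller passes a zero size is not visible in this hunk, but the function is a `static inline` in a public header, so callers outside the library can reach it. The comment could also say what is being guarded, e.g. `/* Reject nmemb * size overflow here: a user-supplied callocFn may not check it */`.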