From 7cbf7f1a9de3169a8a295eb3fd312c9032fd0d0d Mon Sep 17 00:00:00 2001 From: Krista 'DarthMama' Bennett Date: Mon, 25 Nov 2019 11:04:53 +0100 Subject: [PATCH] fix for reallocarray --- README.md | 6 ++++++ src/pgp_sequoia.c | 23 +++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 51e11f60..5714a6cf 100644 --- a/README.md +++ b/README.md @@ -56,5 +56,11 @@ Accompanying documentation is licensed under the terms of the Creative Commons A Each file includes a notice near its beginning, that indicates the applicable license. If you wish to license the p≡p Engine under different terms, please contact . +_pEp_reallocarray in pgp_sequoia.c is reallocarray from the OpenBSD source. It is +copyright (c) 2008 Otto Moerbeek with the following permissions: +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + # Contact The p≡p foundation and the developers of the p≡p Engine can be reached as detailed here: . diff --git a/src/pgp_sequoia.c b/src/pgp_sequoia.c index 9a427ae4..1655c284 100644 --- a/src/pgp_sequoia.c +++ b/src/pgp_sequoia.c @@ -12,6 +12,7 @@ #include #include #include +#include #include "wrappers.h" 
@@ -122,6 +123,24 @@ int sq_sql_trace_callback (unsigned trace_constant, } #endif +/* This is reallocarray taken from OpenBSD. See README.md for licensing. */ +/* Symbols are renamed for clashes, not to hide source. */ +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define PEP_MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) +static void* _pEp_reallocarray(void *optr, size_t nmemb, size_t size) +{ + if ((nmemb >= PEP_MUL_NO_OVERFLOW || size >= PEP_MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return realloc(optr, size * nmemb); +} + + PEP_STATUS pgp_config_cipher_suite(PEP_SESSION session, PEP_CIPHER_SUITE suite) { @@ -1790,13 +1809,13 @@ static PEP_STATUS pgp_encrypt_sign_optional( assert(recipient_alloc > 0); recipient_alloc *= 2; - void *t = reallocarray(recipient_keys, recipient_alloc, + void *t = _pEp_reallocarray(recipient_keys, recipient_alloc, sizeof(*recipient_keys)); if (! t) ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory"); recipient_keys = t; - t = reallocarray(recipients, recipient_alloc, + t = _pEp_reallocarray(recipients, recipient_alloc, sizeof(*recipients)); if (! t) ERROR_OUT(NULL, PEP_OUT_OF_MEMORY, "out of memory");
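Review bot: `_pEp_reallocarray` has no contract comment, and the one case its overflow guard does not cover is a zero `nmemb` or `size`, which reaches `realloc(optr, size * nmemb)` as a zero-byte request whose result is implementation-defined (some libcs free `optr` and return NULL). I would add above the function: `/* Returns NULL with errno = ENOMEM if nmemb * size overflows; a zero product is forwarded to realloc() as-is, so callers must pass nmemb > 0 and size > 0. */`. At the call sites in the last hunk the only visible guard is `assert(recipient_alloc > 0)`, which disappears when NDEBUG is defined. A NULL from a zero-size call would then be reported as out of memory while the old buffer may already have been released; whether the error path frees it again is not visible here. Two smaller points in the same hunk: the retained comment still says `MUL_NO_OVERFLOW` although the macro is now `PEP_MUL_NO_OVERFLOW`, and a file-scope name beginning with an underscore is reserved in C, so `pEp_reallocarray` would be the safer spelling.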