From 0 Mon Sep 17 00:00:00 2001 From: Gleb Fotengauer-Malinovskiy Date: Wed, 20 Feb 2013 23:38:28 +0400 Subject: [PATCH 24] fix segfault on x86-64 on /8 network UINT_MAX is (2^4 - 1) on both ix86 and x86-64. /8 is about 2^24 leases, but sizeof(struct lease) on x86-64 is about 269 bytes. SIZE_MAX if (2^4 - 1) on ix86, but sizeof(struct lease) is about 160 bytes.
diff --git a/dhcp/server/salloc.c b/dhcp/server/salloc.c
index defaced..defaced 100644
--- a/dhcp/server/salloc.c
+++ b/dhcp/server/salloc.c
@@ -87,17 +87,24 @@ struct lease *new_leases (n, file, line)
 int line;
 {
 struct lease *rval;
+ size_t m;
 #if defined (DEBUG_MEMORY_LEAKAGE_ON_EXIT)
- rval = dmalloc ((n + 1) * sizeof (struct lease), file, line);
- if (rval != NULL) {
- memset (rval, 0, sizeof (struct lease));
- rval -> starts = n;
- rval -> next = lease_hunks;
- lease_hunks = rval;
- rval++;
- }
+ m = n + 1;
 #else
- rval = dmalloc (n * sizeof (struct lease), file, line);
+ m = n;
+#endif
+ if (sizeof (struct lease) > SIZE_MAX / m)
+ return NULL;
+ rval = dmalloc (m * sizeof (struct lease), file, line);
+ if (!rval)
+ return rval;
+
+#if defined (DEBUG_MEMORY_LEAKAGE_ON_EXIT)
+ memset (rval, 0, sizeof (struct lease));
+ rval -> starts = n;
+ rval -> next = lease_hunks;
+ lease_hunks = rval;
+ rval++;
 #endif
 return rval;
 }
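Review bot: The overflow guard `if (sizeof (struct lease) > SIZE_MAX / m)` divides by `m` before ruling out zero, so a request for zero leases in the non-debug build (`m = n`) now hits a division by zero (undefined behaviour, typically a SIGFPE on x86) where the old code simply passed a zero size to dmalloc. In the DEBUG_MEMORY_LEAKAGE_ON_EXIT build `m = n + 1` is evaluated in the type of `n`, whose declaration is outside this hunk; if that type is `unsigned`, the addition can wrap to 0 before the assignment, and the guard would then fault instead of rejecting the request. I would write `m = (size_t) n + 1;` and `if (m == 0 || sizeof (struct lease) > SIZE_MAX / m) return NULL;`, with a one-line comment such as `/* reject counts whose byte size does not fit in size_t */` above the check. The parameter declarations of new_leases start above the hunk, so whether a zero count can actually reach this function needs checking against the callers.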