xnu-4903.221.2.tar.gz

[apple/xnu.git] / bsd / security / audit / audit_bsd.c

diff --git a/bsd/security/audit/audit_bsd.c b/bsd/security/audit/audit_bsd.c
index a08ab453d95c41b25411e9907df9e4823d478520..5a6ea37507c10fe13c35eef449107753de660913 100644 (file)
--- a/bsd/security/audit/audit_bsd.c
+++ b/bsd/security/audit/audit_bsd.c
@@ -51,6 +51,8 @@
 #include <mach/host_special_ports.h>
 #include <mach/audit_triggers_server.h>
 
+#include <os/overflow.h>
+
 extern void ipc_port_release_send(ipc_port_t port);
 
 #if CONFIG_AUDIT
@@ -182,7 +184,10 @@ _audit_malloc(size_t size, au_malloc_type_t *type, int flags)
 #endif
 {
        struct mhdr     *hdr;
-       size_t  memsize = sizeof (*hdr) + size;
+       size_t  memsize;
+       if (os_add_overflow(sizeof(*hdr), size, &memsize)) {
+               return (NULL);
+       }
 
        if (size == 0)
                return (NULL);
@@ -229,8 +234,9 @@ _audit_free(void *addr, __unused au_malloc_type_t *type)
                return;
        hdr = addr; hdr--;
 
-       KASSERT(hdr->mh_magic == AUDIT_MHMAGIC,
-           ("_audit_free(): hdr->mh_magic != AUDIT_MHMAGIC"));
+       if (hdr->mh_magic != AUDIT_MHMAGIC) {
+           panic("_audit_free(): hdr->mh_magic (%lx) != AUDIT_MHMAGIC", hdr->mh_magic);
+       }
 
 #if AUDIT_MALLOC_DEBUG
        if (type != NULL) {