Integer Overflow in http_calloc()

In lib/isc/netmgr/http.c:http_calloc() two size_t variables are multiplied, which might lead to an overflow during the calculation. When that happens, less memory than expected by the caller is allocated, which might lead to a heap-based buffer overflow.

static void *
http_calloc(size_t n, size_t sz, isc_mem_t *mctx) {
        const size_t msize = n * sz;
        void *data = isc_mem_allocate(mctx, msize);

        memset(data, 0, msize);
        return (data);
}

We would recommend to add an overflow check for the multiplication and return NULL on overflow similar to the check implemented in isc__uv_calloc().

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information