[MaraDNS list] Multiple issues in JsStrOS.c

Rich Felker dalias at aerifal.cx
Fri Jun 1 23:34:31 EDT 2012


I've been trying to track down some problems that might be in MaraDNS
or my system (musl libc), and I just got around to reading the string
library code and found some potentially-serious issues.

1. Integer overflow in js_alloc (JsStrOS.c line 66):

    data = (void *)malloc(unit_count * unit_size);

I don't believe this is exploitable in MaraDNS (unit_size is actually
usually 1), but it's still a serious bug at the library level.

2. js_alloc aborts the calling program on failure. This is just really
bad behavior for a library, and creates a DoS vulnerability in any
software using it. As far as I can tell, MaraDNS properly checks
js_alloc for failure despite the fact that it can never return failure
(it's already aborted). In addition, the code writes to stdout before
terminating, which is also troubling to see in library code.

Rich (same guy as back in 2005)
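
The two points in the message above, as an added example that is not part of the original post and not MaraDNS code: it shows how the unchecked product wraps, and an allocator that reports failure to its caller instead of aborting. The names `wrapped_size` and `checked_alloc` are hypothetical; the parameter names are taken from the quoted line.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* The value malloc() actually receives from the unchecked expression
 * unit_count * unit_size: size_t arithmetic wraps modulo SIZE_MAX + 1. */
size_t wrapped_size(size_t unit_count, size_t unit_size)
{
    return unit_count * unit_size;
}

/* Hypothetical hardened allocator (an assumption, not the library's API).
 * Returns NULL on overflow or allocation failure; it never aborts the
 * process and never writes to stdout, so the caller decides what to do. */
void *checked_alloc(size_t unit_count, size_t unit_size)
{
    /* Reject any request whose byte count cannot be represented. */
    if (unit_size != 0 && unit_count > SIZE_MAX / unit_size)
        return NULL;

    size_t total = unit_count * unit_size;
    /* malloc(0) may return NULL on success; request 1 byte so that NULL
     * unambiguously means failure. */
    return malloc(total != 0 ? total : 1);
}

int main(void)
{
    /* Constructed inputs: a count chosen so the product wraps to 4. */
    size_t count = SIZE_MAX / 4 + 2;
    size_t size = 4;

    /* Unchecked: the caller believes it has count * 4 bytes, but the
     * allocator is asked for only 4. */
    fprintf(stderr, "unchecked request: %zu bytes\n",
            wrapped_size(count, size));

    /* Checked: the overflow is reported as an ordinary failure. */
    void *data = checked_alloc(count, size);
    if (data == NULL) {
        fprintf(stderr, "allocation refused, caller can recover\n");
        return 1;
    }
    free(data);
    return 0;
}
```

`calloc(unit_count, unit_size)` gives the same overflow check in conforming C libraries, at the cost of zeroing the buffer.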

