using reallocarray() gives us multiplicative integer overflow checking

in case something wants to create massive amounts of environment, like
a bit more than 1/4 of a 32-bit address space.  unrealistic -- but why
audit one code path, and not treat others the same?  then you have to
re-engage everytime you see the code.  read the news, that isn't what
developers do.  At least if the code paths look the same, there is hope,
because they are easier to verify for correctness.  developers need
to give other developers a chance to want to care.

src/lib/libc/stdlib/setenv.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: setenv.c,v 1.14 2012/09/23 16:08:04 jeremy Exp $ */
+/*	$OpenBSD: setenv.c,v 1.15 2014/10/08 05:33:31 deraadt Exp $ */
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
@@ -71,7 +71,7 @@ putenv(char *str)
 	for (P = environ; *P != NULL; P++)
 		;
 	cnt = P - environ;
-	P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
+	P = reallocarray(lastenv, cnt + 2, sizeof(char *));
 	if (!P)
 		return (-1);
 	if (lastenv != environ)
@@ -129,7 +129,7 @@ setenv(const char *name, const char *value, int rewrite)
 		for (P = environ; *P != NULL; P++)
 			;
 		cnt = P - environ;
-		P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
+		P = reallocarray(lastenv, cnt + 2, sizeof(char *));
 		if (!P)
 			return (-1);
 		if (lastenv != environ)