Unix CM: Fix hash table overflow in dnlc code

In GetMeAnEntry, we can end up overflowing the nameHash array by one
element if the stars are particularly badly aligned.

nameptr is a static across function calls, so nameptr and j are not
equal. If nameptr is increment to NHSIZE in the same loop iteration
as j reaches NHSIZE + 2, the loop will terminate. We'll then
lookup nameHash[NHSIZE], which is 1 element passed the end of the
array.

Add an if statement which loops nameptr outside the loop (in the
same way as the if statement in the loop)

Caught by coverity (#985568)

Reviewed-on: http://gerrit.openafs.org/9312
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit d2437d02a6f59d972dd0690f7eb1c46cf7cc4b85)

Change-Id: Ic19d72e6c012cb06e98c3c970162995e77da4b68
Reviewed-on: http://gerrit.openafs.org/9376
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/afs/afs_osidnlc.c b/src/afs/afs_osidnlc.c
index 0309e9a90ed750c0df3f94fd8a4a2c005c16ba0d..d67d1f4d40084c8da3af8e9c4e9f5afe79d34766 100644 (file)
--- a/src/afs/afs_osidnlc.c
+++ b/src/afs/afs_osidnlc.c
@@ -81,6 +81,9 @@ GetMeAnEntry(void)
            break;
     }
 
+    if (nameptr >= NHSIZE);
+       nameptr = 0;
+
     TRACE(ScavengeEntryT, nameptr);
     tnc = nameHash[nameptr];
     if (!tnc)                  /* May want to consider changing this to return 0 */