Unix CM: Don't overflow ICL logs array

When checking whether a user supplied index into the ICL logs array
is out of bounds, we need to check whether it is greater or equal
to the maxmimum number of elements. Otherwise we can access one
more than the number of elements in the array.

Caught by coverity (#985567)

Reviewed-on: http://gerrit.openafs.org/9311
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit ff8bae8938532d95f792258d2c520705e095e7af)

Change-Id: I5dba0d22d4589cb7d1f0a4fe57623646d300ab61
Reviewed-on: http://gerrit.openafs.org/9378
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/afs/afs_icl.c b/src/afs/afs_icl.c
index 759342b5e979ff94dcafcded7d7d24c8c3d76e2e..2c82f212011960f29a12ff03db8e8baf19d17c9d 100644 (file)
--- a/src/afs/afs_icl.c
+++ b/src/afs/afs_icl.c
@@ -237,7 +237,7 @@ Afscall_icl(long opcode, long p1, long p2, long p3, long p4, long *retval)
        setp = afs_icl_FindSet(tname);
        if (!setp)
            return ENOENT;
-       if (p2 > ICL_LOGSPERSET)
+       if (p2 >= ICL_LOGSPERSET)
            return EINVAL;
        if (!(tlp = setp->logs[p2]))
            return EBADF;