From: Simon Wilkinson
Date: Thu, 28 Feb 2013 15:26:15 +0000 (+0000)
Subject: Unix CM: Fix hash table overflow in dnlc code
X-Git-Tag: upstream/1.8.0_pre1^2~1382
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=d2437d02a6f59d972dd0690f7eb1c46cf7cc4b85;p=packages%2Fo%2Fopenafs.git

Unix CM: Fix hash table overflow in dnlc code

In GetMeAnEntry, we can end up overflowing the nameHash array by one element if the stars are particularly badly aligned. nameptr is a static across function calls, so nameptr and j are not equal. If nameptr is incremented to NHSIZE in the same loop iteration as j reaches NHSIZE + 2, the loop will terminate. We'll then look up nameHash[NHSIZE], which is 1 element past the end of the array.

Add an if statement which loops nameptr outside the loop (in the same way as the if statement in the loop)

Caught by coverity (#985568)

Change-Id: I47075f363fad10e8c19276359699566755779cca
Reviewed-on: http://gerrit.openafs.org/9312
Reviewed-by: Derrick Brashear
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
---
diff --git a/src/afs/afs_osidnlc.c b/src/afs/afs_osidnlc.c index 1ba66ae3d..d8e4f0887 100644 --- a/src/afs/afs_osidnlc.c +++ b/src/afs/afs_osidnlc.c @@ -81,6 +81,9 @@ GetMeAnEntry(void) break; } + if (nameptr >= NHSIZE); + nameptr = 0; + TRACE(ScavengeEntryT, nameptr); tnc = nameHash[nameptr]; if (!tnc) /* May want to consider changing this to return 0 */
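
Review bot: the added line `if (nameptr >= NHSIZE);` ends with a semicolon, so the if has an empty body and the `nameptr = 0;` that follows executes unconditionally. That does keep `nameHash[nameptr]` in bounds, but it resets nameptr every time execution reaches this point instead of only when it has reached NHSIZE, which is not the wrap-around the commit message describes ("in the same way as the if statement in the loop"). Because nameptr is static across calls, the lookup right after it would then always read slot 0. Drop the trailing semicolon so the reset is conditional; putting braces around the body would make the mistake harder to repeat.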