From: Benjamin Kaduk <kaduk@mit.edu>
Date: Tue, 28 Nov 2017 04:17:28 +0000 (-0600)
Subject: afs: Fix bounds check in PNewCell
X-Git-Tag: upstream/1.8.0_pre3^2~4
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=e2c47cae56ba0d804af119fb158a9fe77fa3a15e;p=packages%2Fo%2Fopenafs.git

afs: Fix bounds check in PNewCell

Reported by the opensuse buildbot:

  CC [M]  /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/libafs/MODLOAD-4.13.12-1-default-MP/rx_packet.o
/home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c: In function ‘PNewCell’:
/home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c:3075:55: error: ‘*’ in boolean context, suggest ‘&&’ instead [-Werror=int-in-bool-context]
     if ((afs_pd_remaining(ain) < AFS_MAXCELLHOSTS +3) * sizeof(afs_int32))
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~

The bug was introduced in commit 718f85a8b6.

Reviewed-on: https://gerrit.openafs.org/12782
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 4fa0ee620cfb9991ca9748b5ee116cc8e1e6c505)

Change-Id: I0963403846a62dddf2d13ce3c03d772a6d869119
Reviewed-on: https://gerrit.openafs.org/12784
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
---

diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
index babb600fc..ce6b96b04 100644
--- a/src/afs/afs_pioctl.c
+++ b/src/afs/afs_pioctl.c
@@ -3072,7 +3072,7 @@ DECL_PIOCTL(PNewCell)
      * This whole logic is bogus, because it relies on the newer command
      * sending its 12th address as 0.
      */
-    if ((afs_pd_remaining(ain) < AFS_MAXCELLHOSTS +3) * sizeof(afs_int32))
+    if (afs_pd_remaining(ain) < (AFS_MAXCELLHOSTS + 3) * sizeof(afs_int32))
 	return EINVAL;
 
     newcell = afs_pd_where(ain) + (AFS_MAXCELLHOSTS + 3) * sizeof(afs_int32);