From 0c1815b37a27a609892a553005da2305a5779a1e Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Thu, 28 Feb 2013 15:26:15 +0000
Subject: [PATCH] Unix CM: Fix hash table overflow in dnlc code

In GetMeAnEntry, we can end up overflowing the nameHash array by one element if the stars are particularly badly aligned.

nameptr is a static across function calls, so nameptr and j are not equal. If nameptr is incremented to NHSIZE in the same loop iteration as j reaches NHSIZE + 2, the loop will terminate. We'll then look up nameHash[NHSIZE], which is 1 element past the end of the array.

Add an if statement which loops nameptr outside the loop (in the same way as the if statement in the loop)

Caught by coverity (#985568)

Reviewed-on: http://gerrit.openafs.org/9312
Reviewed-by: Derrick Brashear
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
(cherry picked from commit d2437d02a6f59d972dd0690f7eb1c46cf7cc4b85)

Change-Id: Ic19d72e6c012cb06e98c3c970162995e77da4b68
Reviewed-on: http://gerrit.openafs.org/9376
Tested-by: BuildBot
Reviewed-by: Andrew Deason
Reviewed-by: Paul Smeddle
Reviewed-by: Stephan Wiesand
--- src/afs/afs_osidnlc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/afs/afs_osidnlc.c b/src/afs/afs_osidnlc.c index 0309e9a90..d67d1f4d4 100644 --- a/src/afs/afs_osidnlc.c +++ b/src/afs/afs_osidnlc.c @@ -81,6 +81,9 @@ GetMeAnEntry(void) break; } + if (nameptr >= NHSIZE); + nameptr = 0; + TRACE(ScavengeEntryT, nameptr); tnc = nameHash[nameptr]; if (!tnc) /* May want to consider changing this to return 0 */ -- 2.39.5
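Review bot: the added `if (nameptr >= NHSIZE);` ends in a semicolon, so the if statement has an empty body and the following `nameptr = 0;` runs unconditionally whenever execution reaches this point. That still keeps the `nameHash[nameptr]` read in bounds, which is the overflow the commit message describes, but it also throws away whatever position the static nameptr had reached, so the lookup after the loop always reads `nameHash[0]`. Remove the semicolon so the reset happens only when `nameptr >= NHSIZE`, as the commit message intends, and consider putting braces around the one-line body so a stray terminator like this stands out in review.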