From 81aee1540534350bc33826bf207c7ee1df147f63 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Thu, 28 Feb 2013 13:45:00 +0000
Subject: [PATCH] Unix CM: Don't overflow ICL logs array

When checking whether a user supplied index into the ICL logs array
is out of bounds, we need to check whether it is greater or equal
to the maxmimum number of elements. Otherwise we can access one
more than the number of elements in the array.

Caught by coverity (#985567)

Reviewed-on: http://gerrit.openafs.org/9311
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit ff8bae8938532d95f792258d2c520705e095e7af)

Change-Id: I5dba0d22d4589cb7d1f0a4fe57623646d300ab61
Reviewed-on: http://gerrit.openafs.org/9378
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/afs/afs_icl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/afs/afs_icl.c b/src/afs/afs_icl.c
index 759342b5e..2c82f2120 100644
--- a/src/afs/afs_icl.c
+++ b/src/afs/afs_icl.c
@@ -237,7 +237,7 @@ Afscall_icl(long opcode, long p1, long p2, long p3, long p4, long *retval)
 	setp = afs_icl_FindSet(tname);
 	if (!setp)
 	    return ENOENT;
-	if (p2 > ICL_LOGSPERSET)
+	if (p2 >= ICL_LOGSPERSET)
 	    return EINVAL;
 	if (!(tlp = setp->logs[p2]))
 	    return EBADF;
-- 
2.39.5