From 9fc38b1bcdfd7c16fc84f88314d7b9ec0f084b18 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Fri, 1 Mar 2013 11:47:03 +0000
Subject: [PATCH] ubik: Don't overflow server's addr array

We're checking to see if we've overflowed the array _after_ we've
looked up an element within it - so on the final iteration, we
always read past the end of the array.

Fix this by swapping the order of the tests in the for statemen

Caught by coverity (#985590)

Reviewed-on: http://gerrit.openafs.org/9326
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit a4ae9a4c3cc1fa5ca2b813174040dce36284a4b9)

Conflicts:
	src/ubik/recovery.c

Change-Id: Ic09177a1e85492e181e51d554ddb25df2ca2dfbd
Reviewed-on: http://gerrit.openafs.org/9373
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Paul Smeddle <paul.smeddle@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/ubik/recovery.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ubik/recovery.c b/src/ubik/recovery.c
index b17d05482..49198826e 100644
--- a/src/ubik/recovery.c
+++ b/src/ubik/recovery.c
@@ -878,7 +878,7 @@ DoProbe(struct ubik_server *server)
     extern afs_int32 ubikSecIndex;
     extern struct rx_securityClass *ubikSecClass;
 
-    for (i = 0; (addr = server->addr[i]) && (i < UBIK_MAX_INTERFACE_ADDR);
+    for (i = 0; (i < UBIK_MAX_INTERFACE_ADDR) && (addr = server->addr[i]);
 	 i++) {
 	conns[i] =
 	    rx_NewConnection(addr, ubik_callPortal, DISK_SERVICE_ID,
-- 
2.39.5