From c83a135dac77b916d1188026a12634de0e98fc3a Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <kaduk@mit.edu>
Date: Sat, 2 Feb 2019 14:23:03 -0600
Subject: [PATCH] vlserver: fix vlentryread() for old vldb formats
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

When we're using old format compatibility, use OMAXNSERVERS for the
array lengths instead of MAXNSERVERS.  Otherwise we'll try to copy more
data than we've read.

Detected by gcc8 as:

vlutils.c:183:2: error: âmemcpyâ forming offset [149, 151] is out of the bounds [0, 148] of object âtentryâ with type âstruct vlentryâ [-Werror=array-bounds]
  memcpy(nbufp->serverFlags, oep->serverFlags, NMAXNSERVERS);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vlutils.c:141:26: note: âtentryâ declared here
     struct vlentry *oep, tentry;
                          ^~~~~~

Reviewed-on: https://gerrit.openafs.org/13465
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 7620bd33487207b348ed7aeba45f8d743132ba84)

Change-Id: I7dc4ad48805c6a82dd021d156fe187dd97e5b456
Reviewed-on: https://gerrit.openafs.org/13734
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/vlserver/vlutils.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/vlserver/vlutils.c b/src/vlserver/vlutils.c
index 06ad04b67..d61588419 100644
--- a/src/vlserver/vlutils.c
+++ b/src/vlserver/vlutils.c
@@ -178,9 +178,9 @@ vlentryread(struct ubik_trans *trans, afs_int32 offset, char *buffer,
 	    nbufp->nextIdHash[i] = ntohl(oep->nextIdHash[i]);
 	nbufp->nextNameHash = ntohl(oep->nextNameHash);
 	memcpy(nbufp->name, oep->name, VL_MAXNAMELEN);
-	memcpy(nbufp->serverNumber, oep->serverNumber, NMAXNSERVERS);
-	memcpy(nbufp->serverPartition, oep->serverPartition, NMAXNSERVERS);
-	memcpy(nbufp->serverFlags, oep->serverFlags, NMAXNSERVERS);
+	memcpy(nbufp->serverNumber, oep->serverNumber, OMAXNSERVERS);
+	memcpy(nbufp->serverPartition, oep->serverPartition, OMAXNSERVERS);
+	memcpy(nbufp->serverFlags, oep->serverFlags, OMAXNSERVERS);
     }
     return 0;
 }
-- 
2.39.5