From e2c47cae56ba0d804af119fb158a9fe77fa3a15e Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 27 Nov 2017 22:17:28 -0600 Subject: [PATCH] afs: Fix bounds check in PNewCell MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reported by the opensuse buildbot: CC [M] /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/libafs/MODLOAD-4.13.12-1-default-MP/rx_packet.o /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c: In function ‘PNewCell’: /home/buildbot/opensuse-tumbleweed-i386-builder/build/src/afs/afs_pioctl.c:3075:55: error: ‘*’ in boolean context, suggest ‘&&’ instead [-Werror=int-in-bool-context] if ((afs_pd_remaining(ain) < AFS_MAXCELLHOSTS +3) * sizeof(afs_int32)) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ The bug was introduced in commit 718f85a8b6. Reviewed-on: https://gerrit.openafs.org/12782 Tested-by: BuildBot Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk (cherry picked from commit 4fa0ee620cfb9991ca9748b5ee116cc8e1e6c505) Change-Id: I0963403846a62dddf2d13ce3c03d772a6d869119 Reviewed-on: https://gerrit.openafs.org/12784 Reviewed-by: Michael Meffie Tested-by: BuildBot Reviewed-by: Benjamin Kaduk --- src/afs/afs_pioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c index babb600fc..ce6b96b04 100644 --- a/src/afs/afs_pioctl.c +++ b/src/afs/afs_pioctl.c @@ -3072,7 +3072,7 @@ DECL_PIOCTL(PNewCell) * This whole logic is bogus, because it relies on the newer command * sending its 12th address as 0. */ - if ((afs_pd_remaining(ain) < AFS_MAXCELLHOSTS +3) * sizeof(afs_int32)) + if (afs_pd_remaining(ain) < (AFS_MAXCELLHOSTS + 3) * sizeof(afs_int32)) return EINVAL; newcell = afs_pd_where(ain) + (AFS_MAXCELLHOSTS + 3) * sizeof(afs_int32); -- 2.39.5
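Review bot: the corrected `if` line and the `newcell = afs_pd_where(ain) + ...` line after it each spell out `(AFS_MAXCELLHOSTS + 3) * sizeof(afs_int32)` separately, which is how the check and the offset came to disagree in the first place. Compute the size once into a local and use it in both places, so the bounds check cannot drift from the pointer arithmetic it guards. With the misplaced parenthesis, the old condition only rejected input shorter than `AFS_MAXCELLHOSTS + 3` bytes, so a buffer between that and the full `(AFS_MAXCELLHOSTS + 3) * sizeof(afs_int32)` passed the check while `newcell` was set beyond the data supplied. The commit message describes this only as a compiler warning; it is worth stating there that the check was undersized. Also, the right-hand side is a `size_t` because of `sizeof`, so if `afs_pd_remaining()` returns a signed type, a negative value would be converted to a large unsigned one and pass the comparison. Confirm the return type, or cast explicitly so the intent is visible.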