Unix CM: Don't overflow ICL logs array

When checking whether a user supplied index into the ICL logs array
is out of bounds, we need to check whether it is greater or equal
to the maxmimum number of elements. Otherwise we can access one
more than the number of elements in the array.

Caught by coverity (#985567)

Change-Id: Id90f02eae1d5689b9b2c9a82bce0e503941387da
Reviewed-on: http://gerrit.openafs.org/9311
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/afs/afs_icl.c b/src/afs/afs_icl.c
index 60520e1..dd16907 100644 (file)
--- a/src/afs/afs_icl.c
+++ b/src/afs/afs_icl.c
@@ -240,7 +240,7 @@ Afscall_icl(long opcode, long p1, long p2, long p3, long p4, long *retval)
        setp = afs_icl_FindSet(tname);
        if (!setp)
            return ENOENT;
-       if (p2 > ICL_LOGSPERSET)
+       if (p2 >= ICL_LOGSPERSET)
            return EINVAL;
        if (!(tlp = setp->logs[p2]))
            return EBADF;