From d2437d02a6f59d972dd0690f7eb1c46cf7cc4b85 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Thu, 28 Feb 2013 15:26:15 +0000
Subject: [PATCH 1/1] Unix CM: Fix hash table overflow in dnlc code
In GetMeAnEntry, we can end up overflowing the nameHash array by one element if the stars are particularly badly aligned. nameptr is a static across function calls, so nameptr and j are not equal. If nameptr is increment to NHSIZE in the same loop iteration as j reaches NHSIZE + 2, the loop will terminate. We'll then lookup nameHash[NHSIZE], which is 1 element passed the end of the array. Add an if statement which loops nameptr outside the loop (in the same way as the if statement in the loop) Caught by coverity (#985568)
Change-Id: I47075f363fad10e8c19276359699566755779cca
Reviewed-on: http://gerrit.openafs.org/9312
Reviewed-by: Derrick Brashear
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
---
 src/afs/afs_osidnlc.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/afs/afs_osidnlc.c b/src/afs/afs_osidnlc.c
index 1ba66ae..d8e4f08 100644
--- a/src/afs/afs_osidnlc.c
+++ b/src/afs/afs_osidnlc.c
@@ -81,6 +81,9 @@ GetMeAnEntry(void)
 break;
 }
+ if (nameptr >= NHSIZE);
+ nameptr = 0;
+
 TRACE(ScavengeEntryT, nameptr);
 tnc = nameHash[nameptr];
 if (!tnc) /* May want to consider changing this to return 0 */
-- 
1.9.4
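Review bot: The added guard `if (nameptr >= NHSIZE);` ends in a stray semicolon, so the `if` controls an empty statement and the following `nameptr = 0;` runs on every call, not only when nameptr has reached NHSIZE. The read of `nameHash[NHSIZE]` is still prevented, but the static scan position is discarded each time, so the lookup after the loop always uses `nameHash[0]`; if that bucket is empty the `if (!tnc)` path is taken, and what happens there lies outside this hunk. The lines should read `if (nameptr >= NHSIZE)` followed by `nameptr = 0;`, matching the check the commit message says already exists inside the loop. Building with `-Wempty-body` (part of GCC's `-Wextra`) would flag this form. GetMeAnEntry starts before and continues after the hunk, so the loop itself is not visible here.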