cnid_metad: avoid out of bounds read

author Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>

Sat, 9 Feb 2013 10:49:42 +0000 (11:49 +0100)

committer Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>

Sat, 9 Feb 2013 10:49:42 +0000 (11:49 +0100)
author Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Sat, 9 Feb 2013 10:49:42 +0000 (11:49 +0100)
committer Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
Sat, 9 Feb 2013 10:49:42 +0000 (11:49 +0100)
diff --git a/etc/cnid_dbd/cnid_metad.c b/etc/cnid_dbd/cnid_metad.c

index 18e063da638180339b4c5f9dec0fd75b8cf7a926..7b7664d52d6febb546718b1eaa42b710c2da5c76 100644 (file)
--- a/etc/cnid_dbd/cnid_metad.c
+++ b/etc/cnid_dbd/cnid_metad.c
@@ -184,8 +184,8 @@ static int maybe_start_dbd(const AFPObj *obj, char *dbdpn, const char *volpath)
      time(&t);
      if (!up) {
          /* find an empty slot (i < maxvol) or the first free slot (i == maxvol)*/
-        for (i = 0; i <= maxvol; i++) {
-            if (srv[i].v_path == NULL && i < MAXVOLS) {
+        for (i = 0; i <= maxvol && i < MAXVOLS; i++) {
+            if (srv[i].v_path == NULL) {
                  up = &srv[i];
                  if ((up->v_path = strdup(volpath)) == NULL)
                      return -1;
author	Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
	Sat, 9 Feb 2013 10:49:42 +0000 (11:49 +0100)
committer	Riccardo Magliocchetti <riccardo.magliocchetti@gmail.com>
	Sat, 9 Feb 2013 10:49:42 +0000 (11:49 +0100)