From 98ce2a15a306a2502b925e6ac8df201958920bbf Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Mon, 19 Aug 2013 07:24:46 +0200
Subject: mmap_cache: Use stricter check for hash keys.

ht_size is size of hash_table in bytes, but hash keys have type uint32_t
---
 src/responder/nss/nsssrv_mmap_cache.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c
index 4846a9e27..1d35c134d 100644
--- a/src/responder/nss/nsssrv_mmap_cache.c
+++ b/src/responder/nss/nsssrv_mmap_cache.c
@@ -168,7 +168,7 @@ static void sss_mc_add_rec_to_chain(struct sss_mc_ctx *mcc,
     struct sss_mc_rec *cur;
     uint32_t slot;
 
-    if (hash > mcc->ht_size) {
+    if (hash > MC_HT_ELEMS(mcc->ht_size)) {
         /* Invalid hash. This should never happen, but better
          * return than trying to access out of bounds memory */
         return;
@@ -225,9 +225,11 @@ static void sss_mc_rm_rec_from_chain(struct sss_mc_ctx *mcc,
     struct sss_mc_rec *cur = NULL;
     uint32_t slot;
 
-    if (hash > mcc->ht_size) {
-        /* Invalid hash. This should never happen, but better
-         * return than trying to access out of bounds memory */
+    if (hash > MC_HT_ELEMS(mcc->ht_size)) {
+        /* It can happen if rec->hash1 and rec->hash2 was the same.
+         * or it is invalid hash. It is better to return
+         * than trying to access out of bounds memory
+         */
         return;
     }
 
-- 
cgit