From 7db1afd38f4a57c272de6b81482a914340a724fd Mon Sep 17 00:00:00 2001
From: Gregor Jasny
Date: Sun, 28 Sep 2014 22:19:24 +0200
Subject: [PATCH] Fix integer shift overflow if both tcp_socket and udp_socket are set
The problem occurs if at the start of the loop the sockindex is at the last valid ARES_GETSOCK_MAXNUM position. If then both udp_socket and tcp_socket are valid, sockindex gets incremented for UDP first and points one entry behind the array for the tcp block. So the fix is to check after every increment of sockindex if it is still valid. Fix Coverity error CID 56878
Signed-off-by: Gregor Jasny
---
 ares_getsock.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/ares_getsock.c b/ares_getsock.c
index 07d2854..22d3446 100644
--- a/ares_getsock.c
+++ b/ares_getsock.c
@@ -30,9 +30,7 @@ int ares_getsock(ares_channel channel,
 /* Are there any active queries? */
 int active_queries = !ares__is_list_empty(&(channel->all_queries));
- for (i = 0;
- (i < channel->nservers) && (sockindex < ARES_GETSOCK_MAXNUM);
- i++)
+ for (i = 0; i < channel->nservers; i++)
 {
 server = &channel->servers[i];
 /* We only need to register interest in UDP sockets if we have
@@ -40,7 +38,7 @@ int ares_getsock(ares_channel channel,
 */
 if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
 {
- if(sockindex >= numsocks)
+ if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
 break;
 socks[sockindex] = server->udp_socket;
 bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
@@ -52,7 +50,7 @@ int ares_getsock(ares_channel channel,
 */
 if (server->tcp_socket != ARES_SOCKET_BAD)
 {
- if(sockindex >= numsocks)
+ if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
 break;
 socks[sockindex] = server->tcp_socket;
 bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
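Review bot: Nothing at the head of the loop now tells a reader that iteration can stop before `channel->nservers`; with the bound gone from the `for` header in the first hunk, the exit lives only in the two `break`s further down. A short comment above the loop would keep the reasoning from the commit message in the code, for example `/* One server can take two slots (UDP and TCP), so capacity is re-checked before each store rather than once per iteration. */`. The loop body continues outside this hunk.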
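Review bot: The two-part guard `sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM` is now spelled out twice, in the UDP block of the second hunk and again in the TCP block of the third, so any store added to this loop later has to repeat both halves or the out-of-range index comes back. Assuming `numsocks` is a by-value integer parameter (its declaration is not visible here), clamping it once before the loop with `if (numsocks > ARES_GETSOCK_MAXNUM) numsocks = ARES_GETSOCK_MAXNUM;` would let each block keep the single `if(sockindex >= numsocks) break;` test. As far as these hunks show, when the guard fires the remaining sockets are left out of the result with no signal to the caller, which is worth stating in the function's documentation. Both `if` blocks continue outside their hunks.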