upstream: Add explicit check for array overflow.

The array is bounded by a NULL sentinel which already prevents this,
however since we check the bit vector for overflow Coverity assumes that
check is for the devices array and flags it as a potential overflow.
Adding this additional check on the array placates CID 896018.  ok djm@
deraadt@

OpenBSD-Commit-ID: e92fff41341b38e4206a70655cc9acaaa032ebee

diff --git a/auth2-chall.c b/auth2-chall.c
index 5af8b0945d59b40d387dd19c04f217fa6d16fa7f..bc2482a03a646f04e928bf65d31393255812fd57 100644 (file)
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.55 2025/09/29 02:32:15 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.56 2025/09/29 21:37:52 dtucker Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -165,7 +165,8 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
                if (len == 0)
                        break;
                for (i = 0; devices[i]; i++) {
-                       if (i >= sizeof(kbdintctxt->devices_done) * 8)
+                       if (i >= sizeof(kbdintctxt->devices_done) * 8 ||
+                           i >= sizeof(devices) / sizeof(devices[0]) - 1)
                                fatal_f("internal error: too may devices");
                        if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
                            !auth2_method_allowed(authctxt,