include/internal/hashtable.h: avoid OOB read in ossl_ht_strcase()
authorEugene Syromiatnikov <esyr@openssl.org>
Tue, 23 Jun 2026 08:06:04 +0000 (10:06 +0200)
committerTomas Mraz <tomas@openssl.foundation>
Wed, 24 Jun 2026 13:09:20 +0000 (15:09 +0200)
Avoid accessing src[len] by swapping the check order so that the
iterator variable is bounds-checked before the access.

Found by cppcheck.

Fixes: cc4ea5e00028 "Introduce new internal hashtable implementation"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Wed Jun 24 13:09:25 2026
(Merged from https://github.com/openssl/openssl/pull/31663)

include/internal/hashtable.h

index 7c4150ba28890bf6a2de905cbf1b3bdc30ead4a5..9aad6530974f3da19dc8eb65092b3871cf030793 100644 (file)
@@ -357,7 +357,7 @@ static ossl_inline ossl_unused void ossl_ht_strcase(HT_KEY *key, char *tgt, cons
     if (key != NULL && key->keysize + len > key->bufsize)
         len = (size_t)(key->bufsize - key->keysize);
 
-    for (i = 0; src[i] != '\0' && i < len; i++)
+    for (i = 0; i < len && src[i] != '\0'; i++)
         tgt[i] = case_adjust & src[i];
 }
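Review bot: The clamp just above the loop still trusts `key->keysize <= key->bufsize`, so the reordered `i < len` test only protects `tgt` while that holds. If `keysize` ever exceeds `bufsize`, `(size_t)(key->bufsize - key->keysize)` wraps to a very large `len`, and the sum `key->keysize + len` may also wrap for a large caller-supplied `len`, which skips the clamp. The field types and any invariant enforced by callers are not visible in this hunk, so this may be unreachable in practice. Comparing against the remaining room avoids both cases: `if (key != NULL && (key->keysize >= key->bufsize || len > (size_t)(key->bufsize - key->keysize)))` followed by `len = key->keysize >= key->bufsize ? 0 : (size_t)(key->bufsize - key->keysize);`. The body of ossl_ht_strcase() starts outside the hunk, so an earlier check may already cover this.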