Hash table: check hash array size when inserting element

If the hash function returns an index greater than the array size of the
hash table, the index is not checked. Even if this is the responsibility
of the caller, add a safety check to avoid errors.

diff --git a/src/util-hash.c b/src/util-hash.c
index ae72cd8a9f6f64136a7a6a1ef39447c287b16339..b9c9986f94cec1f5b94f65d173f8ebf152768173 100644 (file)
--- a/src/util-hash.c
+++ b/src/util-hash.c
@@ -125,6 +125,11 @@ int HashTableAdd(HashTable *ht, void *data, uint16_t datalen)
     hb->size = datalen;
     hb->next = NULL;
 
+    if (hash >= ht->array_size) {
+        SCLogWarning(SC_ERR_INVALID_VALUE, "attempt to insert element out of hash array\n");
+        goto error;
+    }
+
     if (ht->array[hash] == NULL) {
         ht->array[hash] = hb;
     } else {
@@ -192,6 +197,11 @@ void *HashTableLookup(HashTable *ht, void *data, uint16_t datalen)
 
     hash = ht->Hash(ht, data, datalen);
 
+    if (hash >= ht->array_size) {
+        SCLogWarning(SC_ERR_INVALID_VALUE, "attempt to access element out of hash array\n");
+        return NULL;
+    }
+
     if (ht->array[hash] == NULL)
         return NULL;