* fix compile error

 * fix boundary condition if uid == MAX_USERS


git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4634 63ad8ddf-47c3-0310-b6dd-a9e9d9715204

3 files changed, 28 insertions, 13 deletions

diff --git a/daemon/utmpd/Makefile b/daemon/utmpd/Makefile
index 97270836..65269c8d 100644
--- a/daemon/utmpd/Makefile
+++ b/daemon/utmpd/Makefile
@@ -5,7 +5,7 @@ SRCROOT=	../..
 
 PROGRAMS=	utmpserver utmpsync utmpserver2 utmpserver3 authserver
 UTILDIR=	$(SRCROOT)/util
-UTILOBJ=	$(UTILDIR)/util_var.o $(UTILDIR)/util_passwd.o
+UTILOBJ=	$(UTILDIR)/util_var.o
 
 LDLIBS+=$(SRCROOT)/common/bbs/libcmbbs.a \
 	$(SRCROOT)/common/sys/libcmsys.a \
diff --git a/daemon/utmpd/friend.cpp b/daemon/utmpd/friend.cpp
index e62a7198..5497ee2e 100644
--- a/daemon/utmpd/friend.cpp
+++ b/daemon/utmpd/friend.cpp
@@ -13,8 +13,8 @@
 /* 除了 user 及 utmp 之外, 全部的 ref index 都是雙向的, 確保 insert & delete O(1) */
 /* 當沒有人 refer 時則 resource recycle */
 
-typedef int Uid;
-typedef int Idx;
+typedef int Uid; /* 1 <= x <= MAX_USERS */
+typedef int Idx; /* 0 <= x < USHM_SIZE */
 
 
 struct Relation {
@@ -226,10 +226,20 @@ struct BBSUser {
 	utmplist.append(utmpidx);
 	online++;
 	assert(online==utmplist.n);
-	for(int i=0; i<MAX_FRIEND && likehim[i]; i++)
+	for(int i=0; i<MAX_FRIEND && likehim[i]; i++) {
+	    if (0 >= likehim[i] || likehim[i] > MAX_USERS) {
+		fprintf(stderr, "bad %d's likehim[%d]=%d\n", utmpidx, i, likehim[i]);
+		continue;
+	    }
 	    like.add(me, likehim[i]);
-	for(int i=0; i<MAX_REJECT && hatehim[i]; i++)
+	}
+	for(int i=0; i<MAX_REJECT && hatehim[i]; i++) {
+	    if (0 >= hatehim[i] || likehim[i] > MAX_USERS) {
+		fprintf(stderr, "bad %d's hatehim[%d]=%d\n", utmpidx, i, hatehim[i]);
+		continue;
+	    }
 	    hate.add(me, hatehim[i]);
+	}
     }
 
     void logout(int utmpidx) {
@@ -255,15 +265,15 @@ struct BBSUser {
 };
 
 struct UserList {
-    BBSUser users[MAX_USERS];
+    BBSUser users[MAX_USERS+1]; // [1~MAX_USERS] (0 is unused),
 
     UserList() {
-	for(int i=0; i<MAX_USERS; i++)
+	for(int i=0; i<=MAX_USERS; i++)
 	    users[i].me=i;
     }
     void login(Uid uid, Idx idx, const Uid likehim[MAX_FRIEND], const Uid hatehim[MAX_REJECT]) {
-	assert(uid<MAX_USERS);
-	assert(idx<USHM_SIZE);
+	assert(1 <= uid && uid<=MAX_USERS);
+	assert(0 < idx && idx<USHM_SIZE);
 	/* 由於不會收到 logout event, 因此 logout 只發生在 utmp override */
 	if(utmp.utmp[idx]!=-1) users[utmp.utmp[idx]].logout(idx);
 	users[uid].login(idx, likehim, hatehim);
diff --git a/daemon/utmpd/utmpserver3.c b/daemon/utmpd/utmpserver3.c
index 83fa6285..30894c5d 100644
--- a/daemon/utmpd/utmpserver3.c
+++ b/daemon/utmpd/utmpserver3.c
@@ -32,15 +32,15 @@ int action_frequently(int uid)
 	unsigned short lastlogin; // truncated time_t
 	unsigned char minute_count;
 	unsigned char hour_count;
-    } flooding[MAX_USERS];
+    } flooding[MAX_USERS+1];
 
     if(minute!=flood_base_minute) {
-	for(i=0; i<MAX_USERS; i++)
+	for(i=0; i<=MAX_USERS; i++)
 	    flooding[i].minute_count=0;
 	flood_base_minute=minute;
     }
     if(hour!=flood_base_hour) {
-	for(i=0; i<MAX_USERS; i++)
+	for(i=0; i<=MAX_USERS; i++)
 	    flooding[i].hour_count=0;
 	flood_base_hour=hour;
     }
@@ -242,11 +242,16 @@ void connection_client(int cfd, short event, void *arg)
 		    }
 		    evbuffer_remove(cs->evb, &index, sizeof(index));
 		    evbuffer_remove(cs->evb, &uid, sizeof(uid));
-		    if (index >= USHM_SIZE) {
+		    if (index >= USHM_SIZE || index < 0) {
 			fprintf(stderr, "bad index=%d\n", index);
 			cs->state = FSM_EXIT;
 			break;
 		    }
+		    if (uid > MAX_USERS || uid <= 0) {
+			fprintf(stderr, "bad uid=%d\n", uid);
+			cs->state = FSM_EXIT;
+			break;
+		    }
 		    count_login++;
 		    processlogin(cs, uid, index);
 		    if (count_login >= 4000 || (time(NULL) - begin_time) > 30*60)