From c5cd32de1bea2ea0910a898bed21e68d7cc30c9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Tue, 14 Sep 2010 18:12:57 +0300
Subject: authdb: fix memory corruption bugs

properly calculate module of the hash bucket, and when cleaning up
free the correct entry (instead of the next one).
---
 authdb.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/authdb.c b/authdb.c
index 830bb94..304c03e 100644
--- a/authdb.c
+++ b/authdb.c
@@ -93,7 +93,7 @@ void authdb_close(struct authdb *adb)
 	for (i = 0; i < ARRAY_SIZE(adb->hash_bucket); i++) {
 		for (c = adb->hash_bucket[i]; c != NULL; c = n) {
 			n = c->next;
-			authdb_me_free(n);
+			authdb_me_free(c);
 		}
 	}
 }
@@ -156,7 +156,9 @@ void *authdb_get(struct authdb *adb, sockaddr_any *addr, struct authdb_entry *en
 
 	e = b.ptr[0];
 	b.ptr[0] = 0x00;
+
 	hash = b.ptr[1] + b.ptr[2] + b.ptr[3];
+	hash %= ARRAY_SIZE(adb->hash_bucket);
 
 	for (me = adb->hash_bucket[hash]; me != NULL; me = me->next) {
 		if (addr_cmp(&baseaddr, &me->baseaddr) == 0)
-- 
cgit v1.2.3