If we already have the maximum number of peer addresses, do not
stuff the peer address into the wrong slot.
If a site instance is configured with the maximum permissible limit on
the number of mobile peer addresses (i.e. with mobile-peers-max set to
5), this overruns the transport peers array. In such a configuration
this is a security problem. It looks like a denial of service and
privilege escalation can't be ruled out. Configurations without
mobile peers are not affected.
Otherwise it simply means the address is ignored.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
changed=1;
if (peers->npeers==st->transport_peers_max)
- slot=st->transport_peers_max;
+ slot=st->transport_peers_max-1;
else
slot=peers->npeers++;
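Review bot: the guard on the full-array branch tests only exact equality (peers->npeers==st->transport_peers_max), so if npeers were ever to exceed transport_peers_max the else branch would still take slot=peers->npeers++ and index past the end again. Since the commit message treats this overrun as a security problem, consider making the comparison >= or asserting npeers<=transport_peers_max just before it. The new line slot=st->transport_peers_max-1 would also benefit from a one-line comment saying why the last entry is the one chosen when the array is full, since the hunk does not show what is done with slot afterwards.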