From d2605cf0e5bf9fcbfd7b0d672d457f8754f7da89 Mon Sep 17 00:00:00 2001
From: Erwan Le Goas <elegoas@haproxy.com>
Date: Wed, 21 Sep 2022 16:24:23 +0200
Subject: [PATCH] BUG/MINOR: anon: memory illegal accesses in tools.c with
 hash_anon and hash_ipanon

chipitsine reported in github issue #1872 that in function hash_anon and
hash_ipanon, index_hash can be equal to NB_L_HASH_WORD and can reach an
inexisting line table, the table is initialized hash_word[NB_L_HASH_WORD][20];
so hash_word[NB_L_HASH_WORD] doesn't exist.

No backport needed, except if anonymization mechanism is backported.
---
 src/tools.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools.c b/src/tools.c
index 474b7df31..f697eaccb 100644
--- a/src/tools.c
+++ b/src/tools.c
@@ -5858,7 +5858,7 @@ void update_word_fingerprint(uint8_t *fp, const char *word)
 const char *hash_anon(uint32_t scramble, const char *string2hash, const char *prefix, const char *suffix)
 {
 	index_hash++;
-	if (index_hash > NB_L_HASH_WORD)
+	if (index_hash == NB_L_HASH_WORD)
 		index_hash = 0;
 
 	/* don't hash empty strings */
@@ -5885,7 +5885,7 @@ const char *hash_ipanon(uint32_t scramble, char *ipstring)
 	int port;
 
 	index_hash++;
-        if (index_hash > NB_L_HASH_WORD) {
+        if (index_hash == NB_L_HASH_WORD) {
                 index_hash = 0;
 	}