upstream: Add explicit check for array overflow.

daztucker · daztucker · commit 893a579e4b37 · 2025-09-30T08:20:21.000+10:00
The array is bounded by a NULL sentinel which already prevents this,
however since we check the bit vector for overflow Coverity assumes that
check is for the devices array and flags it as a potential overflow.
Adding this additional check on the array placates CID 896018.  ok djm@
deraadt@

OpenBSD-Commit-ID: e92fff41341b38e4206a70655cc9acaaa032ebee
diff --git a/auth2-chall.c b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.55 2025/09/29 02:32:15 djm Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.56 2025/09/29 21:37:52 dtucker Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -165,7 +165,8 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
 		if (len == 0)
 			break;
 		for (i = 0; devices[i]; i++) {
-			if (i >= sizeof(kbdintctxt->devices_done) * 8)
+			if (i >= sizeof(kbdintctxt->devices_done) * 8 ||
+			    i >= sizeof(devices) / sizeof(devices[0]) - 1)
 				fatal_f("internal error: too may devices");
 			if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
 			    !auth2_method_allowed(authctxt,
