Guard call to contract() from doall_util_fn().

It is not safe to unconditionally call contract() - when called repeatedly
it will shrink the bucket array to zero and then attempt to access that
allocation on the next call. Use the same guard that is used in
lh_delete().

Issue found when investigating haproxy crashes reported by wizard-it on
GitHub.

ok tb@

1 files changed, 4 insertions, 2 deletions

diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c
index cd69f6fec1..2fb3c4ca59 100644
--- a/src/lib/libcrypto/lhash/lhash.c
+++ b/src/lib/libcrypto/lhash/lhash.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lhash.c,v 1.22 2024/03/02 11:11:11 tb Exp $ */
+/* $OpenBSD: lhash.c,v 1.23 2024/05/06 14:36:05 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -294,7 +294,9 @@ doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
 
         /* Restore down load factor and trigger contraction. */
         lh->down_load = down_load;
-        contract(lh);
+        if ((lh->num_nodes > MIN_NODES) &&
+            (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+                contract(lh);
 }
 
 void