'spi' and the return value of ntohl are unsigned. Remove the extra >=0
check which was always true. Document the special meaning of spi values of 0 and 1-255 with a comment. Found with: Coverity Prevent(tm) CID: 2047
parent
346e07c1ba
commit
8db2374fc4
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=170823
@ -3209,7 +3209,12 @@ key_mature(struct secasvar *sav)
|
||||
switch (sav->sah->saidx.proto) {
|
||||
case IPPROTO_ESP:
|
||||
case IPPROTO_AH:
|
||||
if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
|
||||
/*
|
||||
* RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
|
||||
* 1-255 reserved by IANA for future use,
|
||||
* 0 for implementation specific, local use.
|
||||
*/
|
||||
if (ntohl(sav->spi) <= 255) {
|
||||
ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
|
||||
__func__, (u_int32_t)ntohl(sav->spi)));
|
||||
return EINVAL;
|
||||
|
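Review bot: The new comment above `if (ntohl(sav->spi) <= 255)` cites only RFC 4302 (AH), yet the check sits under both `case IPPROTO_ESP:` and `case IPPROTO_AH:`, so the ESP reference is missing. RFC 4303, section 2.1 reserves the same SPI values, and I would open the comment with `* RFC 4302, 2.4 and RFC 4303, 2.1: Security Parameters Index (SPI), SPI values`. It would also help to say that SPI 0 must not appear on the wire, which is presumably why the whole 0-255 range is rejected with EINVAL rather than only 1-255. As a smaller style point, `ntohl(sav->spi)` is converted once for the test and again for the log message; a local such as `u_int32_t spi = ntohl(sav->spi);` would keep the checked and the logged value in step. key_mature starts and ends outside this hunk, so how other protocol cases treat the SPI is not visible here.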