'spi' and the return value of ntohl are unsigned. Remove the extra >=0

check which was always true. Document the special meaning of spi values of 0 and 1-255 with a comment. Found with: Coverity Prevent(tm) CID: 2047
svn path=/head/; revision=170823
2007-06-16 09:25:23 +00:00 · 2007-06-16 09:25:23 +00:00 · 8db2374fc4 · 2020-12-20 02:59:44 +00:00
commit 8db2374fc4
parent 346e07c1ba
1 changed files with 6 additions and 1 deletions
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@ -3209,7 +3209,12 @@ key_mature(struct secasvar *sav)
 	switch (sav->sah->saidx.proto) {
 	case IPPROTO_ESP:
 	case IPPROTO_AH:
-		if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
+		/*
+		 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
+		 * 1-255 reserved by IANA for future use,
+		 * 0 for implementation specific, local use.
+		 */
+		if (ntohl(sav->spi) <= 255) {
 			ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
 			    __func__, (u_int32_t)ntohl(sav->spi)));
 			return EINVAL;