upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-13 10:40:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

'spi' and the return value of ntohl are unsigned. Remove the extra >=0

Browse source 
check which was always true.
Document the special meaning of spi values of 0 and 1-255 with a comment.

Found with:	Coverity Prevent(tm)
CID:		2047
This commit is contained in:
Bjoern A. Zeeb 2007-06-16 09:25:23 +00:00
parent 346e07c1ba
commit 8db2374fc4
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sys/netipsec/key.c
View file

@ -3209,7 +3209,12 @@ key_mature(struct secasvar *sav)
switch (sav->sah->saidx.proto) {
case IPPROTO_ESP:
case IPPROTO_AH:
if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
/*
* RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
* 1-255 reserved by IANA for future use,
* 0 for implementation specific, local use.
*/
if (ntohl(sav->spi) <= 255) {
ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
__func__, (u_int32_t)ntohl(sav->spi)));
return EINVAL;