author | bz <bz@FreeBSD.org> | 2007-06-16 09:25:23 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2007-06-16 09:25:23 +0000 |
commit | 028d7c7c98c788d122890a23c12143b9e9bcc8d9 (patch) | |
tree | 73579e51e5d3842c042d64e5e87abb78f1f33c76 /sys/netipsec | |
parent | 4590b15ce155f7ac2afab0c2293976a557d7709d (diff) | |
'spi' and the return value of ntohl are unsigned. Remove the extra >=0
check which was always true.
Document the special meaning of spi values of 0 and 1-255 with a comment.
Found with: Coverity Prevent(tm)
CID: 2047
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/key.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index bd25513..cb0284c 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -3209,7 +3209,12 @@ key_mature(struct secasvar *sav)
 	switch (sav->sah->saidx.proto) {
 	case IPPROTO_ESP:
 	case IPPROTO_AH:
-		if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) {
+		/*
+		 * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
+		 * 1-255 reserved by IANA for future use,
+		 * 0 for implementation specific, local use.
+		 */
+		if (ntohl(sav->spi) <= 255) {
 			ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
 			    __func__, (u_int32_t)ntohl(sav->spi)));
 			return EINVAL;  |
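Review bot: The added comment cites only RFC 4302 (AH), yet the range check sits under both `case IPPROTO_ESP:` and `case IPPROTO_AH:`. RFC 4303 section 2.1 makes the same reservation for ESP, so the comment should name both, e.g. `* RFC 4302 2.4 (AH) and RFC 4303 2.1 (ESP): SPI values 1-255 are`. It would also help to state the consequence the code enforces, for instance `* An SA carrying such an SPI is rejected here with EINVAL.`, so a reader does not have to infer that 0 and 1-255 are refused rather than merely noted. As a point of style, `ntohl(sav->spi)` is still evaluated once in the condition and again in the `ipseclog` call. The body of key_mature starts and ends outside this hunk, so whether a local can be hoisted cleanly cannot be judged from here.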