diff options
author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2007-06-16 09:25:23 +0000 |
---|---|---|
committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2007-06-16 09:25:23 +0000 |
commit | 8db2374fc4e71eb0580030fd021e259868bb7bff (patch) | |
tree | 73579e51e5d3842c042d64e5e87abb78f1f33c76 /sys/netipsec/key.c | |
parent | 346e07c1baae68cd9df320d5c47f72dea19add19 (diff) | |
download | src-8db2374fc4e71eb0580030fd021e259868bb7bff.tar.gz src-8db2374fc4e71eb0580030fd021e259868bb7bff.zip |
'spi' and the return value of ntohl are unsigned. Remove the extra >=0
check which was always true.
Document the special meaning of spi values of 0 and 1-255 with a comment.
Found with: Coverity Prevent(tm)
CID: 2047
Notes
Notes:
svn path=/head/; revision=170823
Diffstat (limited to 'sys/netipsec/key.c')
-rw-r--r-- | sys/netipsec/key.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index bd25513301c5..cb0284cd2e19 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -3209,7 +3209,12 @@ key_mature(struct secasvar *sav) switch (sav->sah->saidx.proto) { case IPPROTO_ESP: case IPPROTO_AH: - if (ntohl(sav->spi) >= 0 && ntohl(sav->spi) <= 255) { + /* + * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values + * 1-255 reserved by IANA for future use, + * 0 for implementation specific, local use. + */ + if (ntohl(sav->spi) <= 255) { ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n", __func__, (u_int32_t)ntohl(sav->spi))); return EINVAL; |