[Swan-commit] Changes to ref refs/heads/main
D. Hugh Redelmeier
hugh at vault.libreswan.fi
Fri Aug 28 16:21:46 UTC 2020
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date: Fri Aug 28 12:20:29 2020 -0400
pluto: netlink/xfrm code improvement
+ Eliminate horrible pointer bug. Parameter rsp was treated as a
buffer, not a pointer to a buffer. Many misbehaviors probably
cascade from this. For example, all callers looked into the
buffer that they provided for error results. But their buffer
would never have even been initialized.
+ Completely redoo interface. DHR still doesn't really understand
what function is supposed to do.
- nl_addattr_l: make attempted buffer overrun fatal (passert). The
code used to log and then proceed to overrun the buffer.
- many functions are designed to return a boolean result: false on
success and true on failure. This is unconventionsal. I've
added comments to flag this.
- of the functions that used a bool to indicate failure, and could not
fail or where no caller cared, the return type has been changed to void.
- several of those bool results were produced or used as the wrong
+ nl_addattr_nest_end returned a meaningless int but no caller used it.
+ nl_addattr_l returned NULL as if it were a bool but no caller used it
+ nl_addattrstrz and nl_addattr32 returned the nonsense the got from
nl_addattr_l but no caller used the result.
- eliminated the (new) logger argument for functions that no longer
needed it. This was a cascade due to nl_addatter_l no longer
- kernel_xfrm_interface.c: the variable xfrm_interface_support isn't
clear. Added a comment and an initializer to improve this
- make ip_link_set_up fail if nl_query_small_resp failed.
- make ip_link_del fail if nl_query_small_resp failed
- make ip_link_add_xfrmi fail if nl_query_small_resp failed
- make ipsec1_support_test fail if ip_link_add_xfrmi failed
- minor simplifications in control flow
- reducing scope of some autos
- make ip_link_set_up file static instead of extern
- sprinkle "const"
- sprinkle comments
More information about the Swan-commit