[Swan-commit] Changes to ref refs/heads/main

D. Hugh Redelmeier hugh at vault.libreswan.fi
Fri Aug 28 16:21:46 UTC 2020

New commits:
commit 0813b56e289f721a52929d398741ddc15316582c
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Fri Aug 28 12:20:29 2020 -0400

    pluto: netlink/xfrm code improvement
    - nl_query_small_resp:
      + Eliminate horrible pointer bug.  Parameter rsp was treated as a
        buffer, not a pointer to a buffer.  Many misbehaviors probably
        cascade from this.  For example, all callers looked into the
        buffer that they provided for error results.  But their buffer
        would never have even been initialized.
      + Completely redoo interface.  DHR still doesn't really understand
        what function is supposed to do.
    - nl_addattr_l: make attempted buffer overrun fatal (passert).  The
      code used to log and then proceed to overrun the buffer.
    - many functions are designed to return a boolean result: false on
      success and true on failure.  This is unconventionsal.  I've
      added comments to flag this.
    - of the functions that used a bool to indicate failure, and could not
      fail or where no caller cared, the return type has been changed to void.
    - several of those bool results were produced or used as the wrong
      + nl_addattr_nest_end returned a meaningless int but no caller used it.
      + nl_addattr_l returned NULL as if it were a bool but no caller used it
      + nl_addattrstrz and nl_addattr32 returned the nonsense the got from
        nl_addattr_l but no caller used the result.
    - eliminated the (new) logger argument for functions that no longer
      needed it.  This was a cascade due to nl_addatter_l no longer
    - kernel_xfrm_interface.c: the variable xfrm_interface_support isn't
      clear.  Added a comment and an initializer to improve this
    - make ip_link_set_up fail if nl_query_small_resp failed.
    - make ip_link_del fail if nl_query_small_resp failed
    - make ip_link_add_xfrmi fail if nl_query_small_resp failed
    - make ipsec1_support_test fail if ip_link_add_xfrmi failed
    - minor simplifications in control flow
    - reducing scope of some autos
    - make ip_link_set_up file static instead of extern
    - sprinkle "const"
    - sprinkle comments

More information about the Swan-commit mailing list