[Swan-commit] Changes to ref refs/heads/main

D. Hugh Redelmeier hugh at vault.libreswan.fi
Wed Jun 16 07:03:45 UTC 2021


New commits:
commit 0e67cf45937b7cd8b03c7bee24a3871dbb7618d6
Author: D. Hugh Redelmeier <hugh at mimosa.com>
Date:   Wed Jun 16 02:47:01 2021 -0400

    pluto: get rid of fake_md from aggr_outI1_continue()
    
    Stimulus: Coverity flagged a possible null pointer dereference of
    fake_md->smc
    
    I hadn't heard of this crash actually happening.  The reason is that
    the "result" parameter for complete_v1_state_transition would normally
    be STF_IGNORE and the function would return early with no crash.  In
    theory, STF_INTERNAL_ERROR was possible but probably never happened.
    
    I added a pexpect(e == STF_IGNORE) to aggr_outI1_continue.  This
    should be replaced by appropriate logging.  Unfortunately I no longer
    know how to log.
    
    aggr_outI1_continue's call of complete_v1_state_transition is now
    hardwired to use STF_IGNORE
    
    complete_v1_state_transition's passert(md != NULL) was moved to avoid
    demanding an md when none is needed.  (This passert seems silly since
    all hardware we run on will catch null pointer dereferences.)
    
    At this point, fake_md became useless.  And also md's fake_dne field.
    
    I cannot guarantee that Coverity will see that the NULL dereference is
    eliminated.


