[Swan-dev] [Swan] libreswan-3.5/lib/libswan/subnettot.c:29: possible bad if test ?

Paul Wouters paul at nohats.ca
Wed Oct 23 21:11:27 EEST 2013

On Wed, 23 Oct 2013, D. Hugh Redelmeier wrote:

> Why not just return the result directly?

That does make more sense.

> And another thing.  Is the test the right test?  Since it never failed
> before, it wasn't a problem.  But is a subnet with /0 legal?

I hadn't thought about the /0. Yes it is valid.

I guess it meant to disregard and the like... which already
is rejected despite this routine's failure:

ipsec auto --add test
while loading 'test': bad subnet leftsubnet= [subnet mask bit
count too large]

conn test did not load properly

This is rejected in ttosubnet()

> There is only one caller (in file confwrite.c).  That caller ought to
> know what it requires and enforce it.

I propose to remove isvalidsubnet() alltogether


More information about the Swan-dev mailing list