[Swan-dev] [Swan] libreswan-3.5/lib/libswan/subnettot.c:29: possible bad if test ?
paul at nohats.ca
Wed Oct 23 21:11:27 EEST 2013
On Wed, 23 Oct 2013, D. Hugh Redelmeier wrote:
> Why not just return the result directly?
That does make more sense.
> And another thing. Is the test the right test? Since it never failed
> before, it wasn't a problem. But is a subnet with /0 legal?
I hadn't thought about the /0. Yes it is valid.
I guess it meant to disregard 184.108.40.206/43 and the like... which already
is rejected despite this routine's failure:
    ipsec auto --add test
    while loading 'test': bad subnet leftsubnet=220.127.116.11/34 [subnet mask bit count too large]
    conn test did not load properly
This is rejected in ttosubnet()
> There is only one caller (in file confwrite.c). That caller ought to
> know what it requires and enforce it.
I propose to remove isvalidsubnet() altogether
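
An added example, not part of the original message and not libreswan code: a bounds check of the kind discussed above, which accepts /0 and rejects a bit count larger than the address family allows. The helper name check_subnet(), its error strings and the sample addresses are assumptions made for illustration; it does not check that the host bits are zero.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libreswan's ttosubnet(): returns NULL when
 * "addr/bits" is well formed, otherwise a static error string. */
const char *check_subnet(const char *text)
{
	char addr[INET6_ADDRSTRLEN], *end;
	unsigned char raw[sizeof(struct in6_addr)];
	const char *slash = strchr(text, '/');

	if (slash == NULL)
		return "missing /mask";
	size_t alen = (size_t)(slash - text);
	if (alen == 0 || alen >= sizeof(addr))
		return "bad address length";
	memcpy(addr, text, alen);
	addr[alen] = '\0';
	/* The address family decides the upper bound on the bit count. */
	int family = strchr(addr, ':') != NULL ? AF_INET6 : AF_INET;
	if (inet_pton(family, addr, raw) != 1)
		return "bad address";
	/* Digits only: strtol() alone would accept "+8", " 8" or "-0". */
	if (slash[1] < '0' || slash[1] > '9')
		return "bad mask bit count";
	errno = 0;
	long bits = strtol(slash + 1, &end, 10);
	if (*end != '\0' || errno != 0)
		return "bad mask bit count";
	/* The only lower bound is 0: /0 is a legal subnet. */
	if (bits > (family == AF_INET6 ? 128 : 32))
		return "subnet mask bit count too large";
	return NULL;
}

int main(void)
{
	/* Constructed sample inputs (documentation address ranges). */
	const char *samples[] = { "0.0.0.0/0", "192.0.2.0/24", "192.0.2.0/34", "2001:db8::/34", "::/0" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *err = check_subnet(samples[i]);
		printf("%-16s %s\n", samples[i], err ? err : "ok");
	}
	return 0;
}
```

The same bit count, 34, is rejected for an IPv4 address and accepted for an IPv6 one, which is why the bound has to follow the parsed address family rather than a fixed constant.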