[Swan-dev] oddity in ikev2_process_child_sa_pl
D. Hugh Redelmeier
hugh at mimosa.com
Sun Jun 3 22:18:28 UTC 2018
/*
* Update/check the PFS.
*
* For the responder, go with what ever was negotiated. For
* the initiator, check what was negotiated against what was
* sent.
*/
const struct oakley_group_desc *accepted_dh = proto_info->attrs.transattrs.ta_dh;
switch (st->st_sa_role) {
case SA_INITIATOR:
pexpect(expect_accepted);
if (accepted_dh != NULL && accepted_dh != st->st_pfs_group) {
loglog(RC_LOG_SERIOUS,
"expecting %s but remote's accepted proposal includes %s",
st->st_pfs_group == NULL ? "no DH" : st->st_pfs_group->common.fqn,
accepted_dh == NULL ? "no DH" : accepted_dh->common.fqn);
return STF_FAIL + v2N_NO_PROPOSAL_CHOSEN;
}
st->st_pfs_group = accepted_dh;
break;
coverity noticed that
accepted_dh == NULL ? "no DH" : accepted_dh->common.fqn);
was silly because we know that accepted_dh is not NULL (the preceding if checks).
I'm wondering, whether the test is correct. Should it be || instead of &&? It's not clear to me.
More information about the Swan-dev
mailing list