[Swan] [Swan-dev] libreswan-3.5/lib/libswan/subnettot.c:29: possible bad if test ?
Paul Wouters
paul at nohats.ca
Wed Oct 23 21:11:27 EEST 2013
On Wed, 23 Oct 2013, D. Hugh Redelmeier wrote:
> Why not just return the result directly?
That does make more sense.
> And another thing. Is the test the right test? Since it never failed
> before, it wasn't a problem. But is a subnet with /0 legal?
I hadn't thought about the /0. Yes it is valid.
I guess it meant to disregard 1.2.3.4/43 and the like... which already
is rejected despite this routine's failure:
    ipsec auto --add test
    while loading 'test': bad subnet leftsubnet=1.2.3.5/34 [subnet mask bit count too large]
    conn test did not load properly
This is rejected in ttosubnet()
> There is only one caller (in file confwrite.c). That caller ought to
> know what it requires and enforce it.
I propose to remove isvalidsubnet() altogether
Paul