| commit 9945236619b17fa13dfd1cfbe60359dcbf3fcd21
| Author: D. Hugh Redelmeier <[email protected]>
| Date: Fri May 7 23:58:52 2021 -0400
|
| pluto: packet.c: add consistency check to pbs_in_struct
|
| pbs_in_struct now requires that if and only if the structure has a
| length field then the obj_pbs isn't NULL.
|
| There are a few places where this part was intentionally ignored.
| This required adding a dummy pbs variable ("ignored").
Structs, as understood by packet.h, sometimes have variable parts
after the fixed fields.
Here's an extract from the ancient comments at the head of
pbs_in_struct. The last parameter of pbs_in_struct is
struct pbs_in *obj_pbs"
The phrase "is supplied" means "is not NULL".
* If obj_pbs is supplied, a new pb_stream is created for the
* variable part of the structure (this depends on their
* being one length field in the structure). The cursor of this
* new PBS is set to after the parsed part of the struct.
The new code just checks that the caller conforms to this:
- if there is no length field, there is no variable part, and obj_pbs
must not be supplied
- if there is a length field in the struct, there is a variable part,
and obj_pbs must be supplied.
- there must not be more than one length field
There were a few calls in our code that didn't supply an obj_pbs, even
though the struct contained a length. They were just going to ignore
the variable part. I had to change them to receive the variable part,
but ignore it.
I was prompted to add this because it would have caught a mistake we
made but never committed. It has not caught any actual bugs in our
code. The more checking, the more confidence we can have in our code.
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
