diff options
author | Mateusz Guzik <mjg@FreeBSD.org> | 2022-09-07 20:27:15 +0000 |
---|---|---|
committer | Mateusz Guzik <mjg@FreeBSD.org> | 2022-11-22 12:23:03 +0000 |
commit | 86104d3ebb3525c2773b3d3881104725b3f0f3cf (patch) | |
tree | 6a6ffc81292c13640da6d16f23754233481a0674 /sys/netipsec | |
parent | 1ffc369aa3e2372ee1492183f8c79f9c2c08a782 (diff) | |
download | src-86104d3ebb3525c2773b3d3881104725b3f0f3cf.tar.gz src-86104d3ebb3525c2773b3d3881104725b3f0f3cf.zip |
ipsec: prohibit unknown directions in key_havesp
Eliminates a branch checking for its validity.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D36485
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/key.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index b8a47a6a678b..093db4fb9126 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -806,8 +806,9 @@ int key_havesp(u_int dir) { - return (dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND ? - TAILQ_FIRST(&V_sptree[dir]) != NULL : 1); + IPSEC_ASSERT(dir == IPSEC_DIR_INBOUND || dir == IPSEC_DIR_OUTBOUND, + ("invalid direction %u", dir)); + return (TAILQ_FIRST(&V_sptree[dir]) != NULL); } /* %%% IPsec policy management */ |