Am 15.07.20 um 16:34 schrieb Steffan Karger:
> Hi
> 
> On 13-07-2020 11:46, Arne Schwabe wrote:
>> @@ -1100,7 +1100,7 @@ process_incoming_link_part1(struct context *c, struct 
>> link_socket_info *lsi, boo
>>                                  floated, &ad_start))
>>              {
>>                  /* Restore pre-NCP frame parameters */
>> -                if (is_hard_reset(opcode, c->options.key_method))
>> +                if (is_hard_reset(opcode, KEY_METHOD_2))
>>                  {
> 
> Can't we just remove the key_method parameter from is_hard_reset()?

Some code still checks if it is a general hard reset or if it is a v2
hard reset. I agree that we can do more cleanup in this area but that
would make more code changes. Should we pull that into this change?

>> @@ -3817,10 +3803,9 @@ options_string(const struct options *o,
>>               * tls-auth/tls-crypt does not match.  Removing tls-auth here 
>> would
>>               * break stuff, so leaving that in place. */
>>  
>> -            if (o->key_method > 1)
>> -            {
>> -                buf_printf(&out, ",key-method %d", o->key_method);
>> -            }
>> +
>> +
>> +            buf_printf(&out, ",key-method %d", 2);
> 
> This could do with one less newline.
> 
>> @@ -2404,7 +2348,7 @@ key_method_2_write(struct buffer *buf, struct 
>> tls_session *session)
>>      }
>>  
>>      /* write key_method + flags */
>> -    if (!buf_write_u8(buf, (session->opt->key_method & KEY_METHOD_MASK)))
>> +    if (!buf_write_u8(buf, (KEY_METHOD_2 & KEY_METHOD_MASK)))
>>      {
>>          goto error;
>>      }
> 
> The masking looks a bit silly now. Maybe replace with a static_assert()
> if you want to be sure that no "wrong" bits are set?

Yeah I think the mask is silly here. I will just remove it.

> 
>>  static bool
>>  key_method_2_read(struct buffer *buf, struct tls_multi *multi, struct 
>> tls_session *session)
>>  {
>>      struct key_state *ks = &session->key[KS_PRIMARY];      /* primary key */
>>  
>> -    int key_method_flags;
>>      bool username_status, password_status;
>>  
>>      struct gc_arena gc = gc_new();
>> @@ -2582,8 +2464,6 @@ key_method_2_read(struct buffer *buf, struct tls_multi 
>> *multi, struct tls_sessio
>>      /* allocate temporary objects */
>>      ALLOC_ARRAY_CLEAR_GC(options, char, TLS_OPTIONS_LEN, &gc);
>>  
>> -    ASSERT(session->opt->key_method == 2);
>> -
>>      /* discard leading uint32 */
>>      if (!buf_advance(buf, 4))
>>      {
>> @@ -2593,7 +2473,7 @@ key_method_2_read(struct buffer *buf, struct tls_multi 
>> *multi, struct tls_sessio
>>      }
>>  
>>      /* get key method */
>> -    key_method_flags = buf_read_u8(buf);
>> +    int key_method_flags = buf_read_u8(buf);
> 
> This variable declaration is now *after* a "goto error" jump. Currently
> not harmful, because the variable isn't used after the error label, but
> static analyzers might complain about "jump past initialization".
> 
> Otherwise this looks good based on stare-at-code. Didn't have time to
> test yet.

Clang/gcc will already complain/error out if you actually jump past
initialisation. So I think we are good here. Static analyzer are
hopefully not that broken.

Arne

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to