From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 9 Apr 2014 15:09:55 +0000 (+0200)
Subject: attr: Don't shift the 32-bit netmask by 32
X-Git-Tag: 5.1.3~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d34e55375a5449624665eca75db82a01b1389ce;p=thirdparty%2Fstrongswan.git

attr: Don't shift the 32-bit netmask by 32

This is undefined behavior as per the C99 standard (sentence 1185):

 "If the value of the right operand is negative or is greater or equal
  to the width of the promoted left operand, the behavior is undefined."

Apparently shifts may be done modulo the width on some platforms so
a shift by 32 would not shift at all.
---

diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c
index a27fd57b11..c1788df94e 100644
--- a/src/libhydra/plugins/attr/attr_provider.c
+++ b/src/libhydra/plugins/attr/attr_provider.c
@@ -242,10 +242,13 @@ static void load_entries(private_attr_provider_t *this)
 				{
 					if (family == AF_INET)
 					{	/* IPv4 attributes contain a subnet mask */
-						u_int32_t netmask;
+						u_int32_t netmask = 0;
 
-						mask = 32 - mask;
-						netmask = htonl((0xFFFFFFFF >> mask) << mask);
+						if (mask)
+						{	/* shifting u_int32_t by 32 or more is undefined */
+							mask = 32 - mask;
+							netmask = htonl((0xFFFFFFFF >> mask) << mask);
+						}
 						data = chunk_cat("cc", host->get_address(host),
 										 chunk_from_thing(netmask));
 					}