Browse code

Fix CRB rule maximum FLEVEL being treated as the minimum FLEVEL

Andrew authored on 2019/10/23 05:06:59
Showing 1 changed files
... ...
@@ -2968,25 +2968,25 @@ static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio
2968 2968
         }
2969 2969
 
2970 2970
         if (tokens_count > CRT_TOKENS - 2) {
2971
-            if (!cli_isnumber(tokens[CRT_TOKENS - 1])) {
2971
+            if (!cli_isnumber(tokens[CRT_TOKENS - 2])) {
2972 2972
                 cli_errmsg("cli_loadcrt: line %u: Invalid minimum feature level\n", (unsigned int)line);
2973 2973
                 ret = CL_EMALFDB;
2974 2974
                 goto end;
2975 2975
             }
2976
-            if ((unsigned int)atoi(tokens[CRT_TOKENS - 1]) > cl_retflevel()) {
2976
+            if ((unsigned int)atoi(tokens[CRT_TOKENS - 2]) > cl_retflevel()) {
2977 2977
                 cli_dbgmsg("cli_loadcrt: Cert %s not loaded (required f-level: %u)\n", tokens[0], cl_retflevel());
2978 2978
                 continue;
2979 2979
             }
2980 2980
 
2981 2981
             if (tokens_count == CRT_TOKENS) {
2982
-                if (!cli_isnumber(tokens[CRT_TOKENS])) {
2982
+                if (!cli_isnumber(tokens[CRT_TOKENS - 1])) {
2983 2983
                     cli_errmsg("cli_loadcrt: line %u: Invalid maximum feature level\n", (unsigned int)line);
2984 2984
                     ret = CL_EMALFDB;
2985 2985
                     goto end;
2986 2986
                 }
2987 2987
 
2988
-                if ((unsigned int)atoi(tokens[CRT_TOKENS]) < cl_retflevel()) {
2989
-                    cli_dbgmsg("cli_ladcrt: Cert %s not loaded (maximum f-level: %s)\n", tokens[0], tokens[CRT_TOKENS]);
2988
+                if ((unsigned int)atoi(tokens[CRT_TOKENS - 1]) < cl_retflevel()) {
2989
+                    cli_dbgmsg("cli_ladcrt: Cert %s not loaded (maximum f-level: %s)\n", tokens[0], tokens[CRT_TOKENS - 1]);
2990 2990
                     continue;
2991 2991
                 }
2992 2992
             }