Browse code

Fix CRB rule maximum FLEVEL being treated as the minimum FLEVEL

Andrew authored on 2019/10/23 05:06:59
Showing 1 changed files
... ...
@@ -2971,25 +2971,25 @@ static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio
2971 2971
         }
2972 2972
 
2973 2973
         if (tokens_count > CRT_TOKENS - 2) {
2974
-            if (!cli_isnumber(tokens[CRT_TOKENS-1])) {
2974
+            if (!cli_isnumber(tokens[CRT_TOKENS - 2])) {
2975 2975
                 cli_errmsg("cli_loadcrt: line %u: Invalid minimum feature level\n", (unsigned int)line);
2976 2976
                 ret = CL_EMALFDB;
2977 2977
                 goto end;
2978 2978
             }
2979
-            if ((unsigned int)atoi(tokens[CRT_TOKENS-1]) > cl_retflevel()) {
2979
+            if ((unsigned int)atoi(tokens[CRT_TOKENS - 2]) > cl_retflevel()) {
2980 2980
                 cli_dbgmsg("cli_loadcrt: Cert %s not loaded (required f-level: %u)\n", tokens[0], cl_retflevel());
2981 2981
                 continue;
2982 2982
             }
2983 2983
 
2984 2984
             if (tokens_count == CRT_TOKENS) {
2985
-                if (!cli_isnumber(tokens[CRT_TOKENS])) {
2985
+                if (!cli_isnumber(tokens[CRT_TOKENS - 1])) {
2986 2986
                     cli_errmsg("cli_loadcrt: line %u: Invalid maximum feature level\n", (unsigned int)line);
2987 2987
                     ret = CL_EMALFDB;
2988 2988
                     goto end;
2989 2989
                 }
2990 2990
 
2991
-                if ((unsigned int)atoi(tokens[CRT_TOKENS]) < cl_retflevel()) {
2992
-                    cli_dbgmsg("cli_ladcrt: Cert %s not loaded (maximum f-level: %s)\n", tokens[0], tokens[CRT_TOKENS]);
2991
+                if ((unsigned int)atoi(tokens[CRT_TOKENS - 1]) < cl_retflevel()) {
2992
+                    cli_dbgmsg("cli_ladcrt: Cert %s not loaded (maximum f-level: %s)\n", tokens[0], tokens[CRT_TOKENS - 1]);
2993 2993
                     continue;
2994 2994
                 }
2995 2995
             }