Import upstream version 5.1.3

author: Romain Francoise <rfrancoise@debian.org> 2014-04-15 19:34:32 +0200
committer: Romain Francoise <rfrancoise@debian.org> 2014-04-15 19:34:32 +0200
commit: c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (patch)
tree: d4e2118cbd411caa1a0528eac831030109bc6e65 /src/libcharon/encoding/payloads/proposal_substructure.c
parent: 15fb7904f4431a6e7c305fd08732458f7f885e7e (diff)
download: vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.tar.gz
vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.zip
1 files changed, 12 insertions, 4 deletions
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index cb9b359b3..3e35b75c6 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -361,12 +361,20 @@ METHOD(payload_t, verify, status_t,
 			}
 			break;
 		case PROTO_IKE:
-			if (this->spi.len != 0 && this->spi.len  != 8)
+			if (this->type == PROPOSAL_SUBSTRUCTURE_V1)
 			{
-				DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
-				return FAILED;
+				if (this->spi.len <= 16)
+				{	/* according to RFC 2409, section 3.5 anything between
+					 * 0 and 16 is fine */
+					break;
+				}
 			}
-			break;
+			else if (this->spi.len == 0 || this->spi.len  == 8)
+			{
+				break;
+			}
+			DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
+			return FAILED;
 		default:
 			break;
 	}
author	Romain Francoise <rfrancoise@debian.org>	2014-04-15 19:34:32 +0200
committer	Romain Francoise <rfrancoise@debian.org>	2014-04-15 19:34:32 +0200
commit	c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (patch)
tree	d4e2118cbd411caa1a0528eac831030109bc6e65 /src/libcharon/encoding/payloads/proposal_substructure.c
parent	15fb7904f4431a6e7c305fd08732458f7f885e7e (diff)
download	vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.tar.gz vyos-strongswan-c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9.zip