summaryrefslogtreecommitdiff
path: root/src/libcharon/encoding
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r--src/libcharon/encoding/message.c12
-rw-r--r--src/libcharon/encoding/payloads/configuration_attribute.c9
2 files changed, 15 insertions, 6 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 3303024cd..bbdc4629d 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -551,13 +551,13 @@ static payload_order_t aggressive_i_order[] = {
{PLV1_NONCE, 0},
{PLV1_ID, 0},
{PLV1_CERTIFICATE, 0},
+ {PLV1_CERTREQ, 0},
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
{PLV1_NAT_D, 0},
{PLV1_NAT_D_DRAFT_00_03, 0},
{PLV1_SIGNATURE, 0},
{PLV1_HASH, 0},
- {PLV1_CERTREQ, 0},
- {PLV1_NOTIFY, 0},
- {PLV1_VENDOR_ID, 0},
{PLV1_FRAGMENT, 0},
};
@@ -591,13 +591,13 @@ static payload_order_t aggressive_r_order[] = {
{PLV1_NONCE, 0},
{PLV1_ID, 0},
{PLV1_CERTIFICATE, 0},
+ {PLV1_CERTREQ, 0},
+ {PLV1_NOTIFY, 0},
+ {PLV1_VENDOR_ID, 0},
{PLV1_NAT_D, 0},
{PLV1_NAT_D_DRAFT_00_03, 0},
{PLV1_SIGNATURE, 0},
{PLV1_HASH, 0},
- {PLV1_CERTREQ, 0},
- {PLV1_NOTIFY, 0},
- {PLV1_VENDOR_ID, 0},
{PLV1_FRAGMENT, 0},
};
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 481bb7bc6..4ecdf569d 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
@@ -132,6 +132,7 @@ METHOD(payload_t, verify, status_t,
case INTERNAL_IP4_NBNS:
case INTERNAL_ADDRESS_EXPIRY:
case INTERNAL_IP4_DHCP:
+ case P_CSCF_IP4_ADDRESS:
if (this->length_or_value != 0 && this->length_or_value != 4)
{
failed = TRUE;
@@ -144,6 +145,13 @@ METHOD(payload_t, verify, status_t,
}
break;
case INTERNAL_IP6_ADDRESS:
+ if (this->type == PLV1_CONFIGURATION_ATTRIBUTE &&
+ this->length_or_value == 16)
+ { /* 16 bytes are correct for IKEv1, but older releases sent a
+ * prefix byte so we still accept 0 or 17 as in IKEv2 */
+ break;
+ }
+ /* fall-through */
case INTERNAL_IP6_SUBNET:
if (this->length_or_value != 0 && this->length_or_value != 17)
{
@@ -153,6 +161,7 @@ METHOD(payload_t, verify, status_t,
case INTERNAL_IP6_DNS:
case INTERNAL_IP6_NBNS:
case INTERNAL_IP6_DHCP:
+ case P_CSCF_IP6_ADDRESS:
if (this->length_or_value != 0 && this->length_or_value != 16)
{
failed = TRUE;
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 10:33:44 +0000