diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2014-10-14 14:05:48 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2014-10-14 14:10:33 +0200 |
| commit | 15dee933de7d0e9060da90a821257f731c8f0414 (patch) | |
| tree | 58a6066f0c95e46006647d923737002056dcd5ff | |
| parent | 283229bcb736c4b2b22f4efb1ee777cee0f294ed (diff) | |
| download | strongswan-15dee933de7d0e9060da90a821257f731c8f0414.tar.bz2 strongswan-15dee933de7d0e9060da90a821257f731c8f0414.tar.xz | |
ip-packet: Fix removal of TFC padding for IPv6
The IPv6 length field denotes the payload length after the 40 bytes header.
Fixes: 293515f95cf5 ("libipsec: remove extra RFC4303 TFC padding appended to inner payload")
| -rw-r--r-- | src/libipsec/ip_packet.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index 806526292..0998efa9d 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -247,7 +247,7 @@ ip_packet_t *ip_packet_create(chunk_t packet) } ip = (struct ip6_hdr*)packet.ptr; /* remove any RFC 4303 TFC extra padding */ - packet.len = min(packet.len, untoh16(&ip->ip6_plen)); + packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen)); /* we only handle packets without extension headers, just skip the * basic IPv6 header */ payload = chunk_skip(packet, 40); |