ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal

Fixes #533.
author: Tobias Brunner <tobias@strongswan.org> 2014-03-03 14:03:46 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2014-03-31 14:32:44 +0200
commit: a30e0001e4c44720681aa41b26e99b8d8e5e2413 (patch)
tree: 4e8b6c11cbb3168a4cb44e4494be60928d348d88
parent: a213944d4a9136d10779684fff7fb59f8b0846d4 (diff)
download: strongswan-a30e0001e4c44720681aa41b26e99b8d8e5e2413.tar.bz2
strongswan-a30e0001e4c44720681aa41b26e99b8d8e5e2413.tar.xz
1 files changed, 12 insertions, 4 deletions
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index cb9b359b3..3e35b75c6 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -361,12 +361,20 @@ METHOD(payload_t, verify, status_t,
 			}
 			break;
 		case PROTO_IKE:
-			if (this->spi.len != 0 && this->spi.len  != 8)
+			if (this->type == PROPOSAL_SUBSTRUCTURE_V1)
 			{
-				DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
-				return FAILED;
+				if (this->spi.len <= 16)
+				{	/* according to RFC 2409, section 3.5 anything between
+					 * 0 and 16 is fine */
+					break;
+				}
 			}
-			break;
+			else if (this->spi.len == 0 || this->spi.len  == 8)
+			{
+				break;
+			}
+			DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
+			return FAILED;
 		default:
 			break;
 	}
author	Tobias Brunner <tobias@strongswan.org>	2014-03-03 14:03:46 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2014-03-31 14:32:44 +0200
commit	a30e0001e4c44720681aa41b26e99b8d8e5e2413 (patch)
tree	4e8b6c11cbb3168a4cb44e4494be60928d348d88
parent	a213944d4a9136d10779684fff7fb59f8b0846d4 (diff)
download	strongswan-a30e0001e4c44720681aa41b26e99b8d8e5e2413.tar.bz2 strongswan-a30e0001e4c44720681aa41b26e99b8d8e5e2413.tar.xz