diff options
| author | Martin Willi <martin@revosec.ch> | 2013-02-21 11:45:24 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-02-21 11:52:33 +0100 |
| commit | b443fa61231357a4c09f0bfed22be05727427cda (patch) | |
| tree | 2e62adda8bb0ad0fa45f14d2b055f02be025f33f | |
| parent | 0abeac3a0be479cd5514cec4458d8435d8705e93 (diff) | |
| download | strongswan-b443fa61231357a4c09f0bfed22be05727427cda.tar.bz2 strongswan-b443fa61231357a4c09f0bfed22be05727427cda.tar.xz | |
Don't reject OPAQUE ports while verifying traffic selector substructure
| -rw-r--r-- | src/libcharon/encoding/payloads/traffic_selector_substructure.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 15f791b95..334823db9 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -114,7 +114,11 @@ METHOD(payload_t, verify, status_t, { if (this->start_port > this->end_port) { - return FAILED; + /* OPAQUE ports are the only exception */ + if (this->start_port != 0xffff && this->end_port != 0) + { + return FAILED; + } } switch (this->ts_type) { |