diff options
author | Tobias Brunner <tobias@strongswan.org> | 2016-02-10 10:11:31 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-03-03 17:32:03 +0100 |
commit | 91d80298f9de5e7d792b7cb0a6c7a2c61784d744 (patch) | |
tree | 9ad98aa0caa4c775764afd3eaf76327d9eb7e8ea /src/libcharon/encoding | |
parent | 2f3c08d268a6ead9e7d9e74b523600d76e3e5722 (diff) | |
download | strongswan-91d80298f9de5e7d792b7cb0a6c7a2c61784d744.tar.bz2 strongswan-91d80298f9de5e7d792b7cb0a6c7a2c61784d744.tar.xz |
ikev1: Send and verify IPv6 addresses correctly
According to the mode-config draft there is no prefix sent for
IPv6 addresses in IKEv1. We still accept 17 bytes long addresses for
backwards compatibility with older strongSwan releases.
Fixes #1304.
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r-- | src/libcharon/encoding/payloads/configuration_attribute.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 481bb7bc6..0bc94708f 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c @@ -144,6 +144,13 @@ METHOD(payload_t, verify, status_t, } break; case INTERNAL_IP6_ADDRESS: + if (this->type == PLV1_CONFIGURATION_ATTRIBUTE && + this->length_or_value == 16) + { /* 16 bytes are correct for IKEv1, but older releases sent a + * prefix byte so we still accept 0 or 17 as in IKEv2 */ + break; + } + /* fall-through */ case INTERNAL_IP6_SUBNET: if (this->length_or_value != 0 && this->length_or_value != 17) { |