aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/encoding
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2016-02-10 10:11:31 +0100
committerTobias Brunner <tobias@strongswan.org>2016-03-03 17:32:03 +0100
commit91d80298f9de5e7d792b7cb0a6c7a2c61784d744 (patch)
tree9ad98aa0caa4c775764afd3eaf76327d9eb7e8ea /src/libcharon/encoding
parent2f3c08d268a6ead9e7d9e74b523600d76e3e5722 (diff)
downloadstrongswan-91d80298f9de5e7d792b7cb0a6c7a2c61784d744.tar.bz2
strongswan-91d80298f9de5e7d792b7cb0a6c7a2c61784d744.tar.xz
ikev1: Send and verify IPv6 addresses correctly
According to the mode-config draft there is no prefix sent for IPv6 addresses in IKEv1. We still accept 17 bytes long addresses for backwards compatibility with older strongSwan releases. Fixes #1304.
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r--src/libcharon/encoding/payloads/configuration_attribute.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c
index 481bb7bc6..0bc94708f 100644
--- a/src/libcharon/encoding/payloads/configuration_attribute.c
+++ b/src/libcharon/encoding/payloads/configuration_attribute.c
@@ -144,6 +144,13 @@ METHOD(payload_t, verify, status_t,
}
break;
case INTERNAL_IP6_ADDRESS:
+ if (this->type == PLV1_CONFIGURATION_ATTRIBUTE &&
+ this->length_or_value == 16)
+ { /* 16 bytes are correct for IKEv1, but older releases sent a
+ * prefix byte so we still accept 0 or 17 as in IKEv2 */
+ break;
+ }
+ /* fall-through */
case INTERNAL_IP6_SUBNET:
if (this->length_or_value != 0 && this->length_or_value != 17)
{