encoding: Don't verify length of IKEv1 KE payloads

The verification introduced with 84738b1aed95 ("encoding: Verify the length of KE payload data for known groups") can't be done for IKEv1 as the KE payload does not contain the DH group.
author: Tobias Brunner <tobias@strongswan.org> 2015-03-20 16:32:56 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2015-03-20 16:37:59 +0100
commit: 2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1 (patch)
tree: 681d23c3bfebc19ad765bfb30b53214b82ca73ac /src/libcharon
parent: d2f4345b0361d57e54e7cdd3ae2abfba20429f1f (diff)
download: strongswan-2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1.tar.bz2
strongswan-2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 644b5b6f9..7f3c4e400 100644
--- a/src/libcharon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
@@ -146,6 +146,12 @@ METHOD(payload_t, verify, status_t,
 	diffie_hellman_group_t g = this->dh_group_number;
 	bool valid = TRUE;
 
+	if (this->type == PLV1_KEY_EXCHANGE)
+	{
+		/* IKEv1 does not transmit the group */
+		return SUCCESS;
+	}
+
 	switch (g)
 	{
 		case MODP_NONE:
author	Tobias Brunner <tobias@strongswan.org>	2015-03-20 16:32:56 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2015-03-20 16:37:59 +0100
commit	2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1 (patch)
tree	681d23c3bfebc19ad765bfb30b53214b82ca73ac /src/libcharon
parent	d2f4345b0361d57e54e7cdd3ae2abfba20429f1f (diff)
download	strongswan-2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1.tar.bz2 strongswan-2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1.tar.xz