checking the size of ME_* notify payloads

2 files changed, 22 insertions, 9 deletions

diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c
index a893ab42a..239190149 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/charon/encoding/payloads/notify_payload.c
@@ -332,7 +332,27 @@ static status_t verify(private_notify_payload_t *this)
 			}
 			break;
 		}
-		/* FIXME: check size of IKE-ME payloads */
+		case ME_ENDPOINT:
+			if (this->notification_data.len != 12 ||
+				this->notification_data.len != 24)
+			{
+				bad_length = TRUE;
+			}
+			break;
+		case ME_CONNECTID:
+			if (this->notification_data.len < 4 ||
+				this->notification_data.len > 16)
+			{
+				bad_length = TRUE;
+			}
+			break;
+		case ME_CONNECTKEY:
+			if (this->notification_data.len < 16 ||
+				this->notification_data.len > 32)
+			{
+				bad_length = TRUE;
+			}
+			break;
 		default:
 			/* TODO: verify */
 			break;
diff --git a/src/charon/sa/tasks/ike_me.c b/src/charon/sa/tasks/ike_me.c
index 64741c6ba..2d6862dc3 100644
--- a/src/charon/sa/tasks/ike_me.c
+++ b/src/charon/sa/tasks/ike_me.c
@@ -26,16 +26,9 @@
 #include <encoding/payloads/endpoint_notify.h>
 #include <processing/jobs/mediation_job.h>
 
-#define ME_CONNECTID_LEN 8
+#define ME_CONNECTID_LEN 4
 #define ME_CONNECTKEY_LEN 16
 
-/* FIXME: proposed values */
-#define ME_CONNECTID_MIN_LEN 4
-#define ME_CONNECTID_MAX_LEN 16
-#define ME_CONNECTKEY_MIN_LEN 8
-#define ME_CONNECTKEY_MAX_LEN 64
-
-
 typedef struct private_ike_me_t private_ike_me_t;
 
 /**