aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libcharon/encoding/payloads/proposal_substructure.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index cb9b359b3..3e35b75c6 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -361,12 +361,20 @@ METHOD(payload_t, verify, status_t,
}
break;
case PROTO_IKE:
- if (this->spi.len != 0 && this->spi.len != 8)
+ if (this->type == PROPOSAL_SUBSTRUCTURE_V1)
{
- DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
- return FAILED;
+ if (this->spi.len <= 16)
+ { /* according to RFC 2409, section 3.5 anything between
+ * 0 and 16 is fine */
+ break;
+ }
}
- break;
+ else if (this->spi.len == 0 || this->spi.len == 8)
+ {
+ break;
+ }
+ DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
+ return FAILED;
default:
break;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-13 04:02:53 +0000