X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=blobdiff_plain;f=src%2Flibcharon%2Fencoding%2Fpayloads%2Fnonce_payload.c;h=3c5eeb535dbd458abc645958a415dac24428c84c;hp=58ef70a0e3f82a08fe6045f59336221079a70d74;hb=31fc14e394203be67a711801819a73a7365f9800;hpb=95a26523afc0d2a997cd1d4f738c287ae045ae4e
diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c
index 58ef70a..3c5eeb5 100644
--- a/src/libcharon/encoding/payloads/nonce_payload.c
+++ b/src/libcharon/encoding/payloads/nonce_payload.c
@@ -19,6 +19,7 @@
 #include "nonce_payload.h"
+#include
 #include
 typedef struct private_nonce_payload_t private_nonce_payload_t;
@@ -103,8 +104,26 @@ static encoding_rule_t encodings[] = {
 METHOD(payload_t, verify, status_t, private_nonce_payload_t *this)
 {
- if (this->nonce.len < 16 || this->nonce.len > 256)
+ bool bad_length = FALSE;
+
+ if (this->nonce.len > 256)
+ {
+ bad_length = TRUE;
+ }
+ if (this->type == NONCE &&
+ this->nonce.len < 16)
+ {
+ bad_length = TRUE;
+ }
+ if (this->type == NONCE_V1 &&
+ this->nonce.len < 8)
+ {
+ bad_length = TRUE;
+ }
+ if (bad_length)
 {
+ DBG1(DBG_ENC, "%N payload has invalid length (%d bytes)",
+ payload_type_names, this->type, this->nonce.len);
 return FAILED;
 }
 return SUCCESS;
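Review bot: In the second hunk, verify() enforces a minimum nonce length only when `this->type` is exactly `NONCE` or `NONCE_V1`; for any other value only the 256-byte cap applies, so an empty nonce would return SUCCESS. Whether another type can reach this method depends on the constructor, which is outside the hunk, but the check could fail closed with a trailing `if (this->type != NONCE && this->type != NONCE_V1) { bad_length = TRUE; }` or a `switch` on the type whose `default` rejects. Separately, the new DBG1 call prints `this->nonce.len` with `%d`; if that field is a `size_t`, as the length of a chunk appears to be in this code base, the specifier should be `%zu` or the argument cast to `int`. A one-line comment above each bound, such as `/* IKEv1 allows nonces of 8..256 bytes, IKEv2 requires 16..256 */`, would record where the magic numbers 8, 16 and 256 come from.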