ip-packet: Fix removal of TFC padding for IPv6
authorTobias Brunner <tobias@strongswan.org>
Tue, 14 Oct 2014 12:05:48 +0000 (14:05 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 14 Oct 2014 12:10:33 +0000 (14:10 +0200)
The IPv6 length field denotes the length of the payload that follows the 40-byte header.

Fixes: 293515f95cf5 ("libipsec: remove extra RFC4303 TFC padding appended to inner payload")

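--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -247,7 +247,7 @@ ip_packet_t *ip_packet_create(chunk_t packet)
                        }
                        ip = (struct ip6_hdr*)packet.ptr;
                        /* remove any RFC 4303 TFC extra padding */
-                       packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+                       packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen));
                        /* we only handle packets without extension headers, just skip the
                         * basic IPv6 header */
                        payload = chunk_skip(packet, 40);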
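Review bot: The corrected `min()` only trims bytes beyond the declared length, so a packet whose `ip6_plen` claims more payload than the buffer holds still passes through with a header that disagrees with its real size. `ip_packet_create` starts and ends outside this hunk, so that case may already be rejected elsewhere; if it is not, checking `packet.len < sizeof(struct ip6_hdr) + untoh16(&ip->ip6_plen)` before the trim and discarding the packet would stop truncated inner packets from being handed on after decapsulation. An `ip6_plen` of zero would also cut the packet down to the bare header, which looks intended given that extension headers are not handled, but a short comment saying so would help. The literal `40` now appears in both the trim and `chunk_skip(packet, 40)`; writing `sizeof(struct ip6_hdr)` in both places would keep them tied to the struct that is already cast on the line above.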