Fixed verification of DELETE_V1 payloads.
authorTobias Brunner <tobias@strongswan.org>
Wed, 23 Nov 2011 11:35:58 +0000 (12:35 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:30:50 +0000 (17:30 +0100)
src/libcharon/encoding/payloads/delete_payload.c

index 5609ea7..79070a7 100644 (file)
@@ -178,10 +178,19 @@ METHOD(payload_t, verify, status_t,
                        break;
                case PROTO_IKE:
                case 0:
-                       /* IKE deletion has no spi assigned! */
-                       if (this->spi_size != 0)
-                       {
-                               return FAILED;
+                       if (this->type == DELETE)
+                       {       /* IKEv2 deletion has no spi assigned! */
+                               if (this->spi_size != 0)
+                               {
+                                       return FAILED;
+                               }
+                       }
+                       else
+                       {       /* IKEv1 uses the two concatenated ISAKMP cookies as SPI */
+                               if (this->spi_size != 16)
+                               {
+                                       return FAILED;
+                               }
                        }
                        break;
                default: