encoding: Accept all exchange types for non IKEv1/IKEv2 major versions
authorMartin Willi <martin@revosec.ch>
Wed, 10 Sep 2014 09:14:22 +0000 (11:14 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 22 Sep 2014 11:42:11 +0000 (13:42 +0200)
src/libcharon/encoding/payloads/ike_header.c

index 7015667..c96738a 100644 (file)
@@ -210,8 +210,9 @@ METHOD(payload_t, verify, status_t,
                case TRANSACTION:
                case QUICK_MODE:
                case NEW_GROUP_MODE:
-                       if (this->maj_version != IKEV1_MAJOR_VERSION)
+                       if (this->maj_version == IKEV2_MAJOR_VERSION)
                        {
+                               /* IKEv1 exchange type in IKEv2? */
                                return FAILED;
                        }
                        break;
@@ -223,14 +224,20 @@ METHOD(payload_t, verify, status_t,
 #ifdef ME
                case ME_CONNECT:
 #endif /* ME */
-                       if (this->maj_version != IKEV2_MAJOR_VERSION)
+                       if (this->maj_version == IKEV1_MAJOR_VERSION)
                        {
+                               /* IKEv2 exchange type in IKEv1? */
                                return FAILED;
                        }
                        break;
                default:
-                       /* unsupported exchange type */
-                       return FAILED;
+                       if (this->maj_version == IKEV1_MAJOR_VERSION ||
+                               this->maj_version == IKEV2_MAJOR_VERSION)
+                       {
+                               /* unsupported exchange type for known version */
+                               return FAILED;
+                       }
+                       break;
        }
        if (this->initiator_spi == 0)
        {
@@ -501,4 +508,3 @@ ike_header_t *ike_header_create_version(int major, int minor)
        }
        return this;
 }
-