encoding: Don't verify length of IKEv1 KE payloads
author Tobias Brunner <tobias@strongswan.org>
Fri, 20 Mar 2015 15:32:56 +0000 (16:32 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 20 Mar 2015 15:37:59 +0000 (16:37 +0100)
The verification introduced with 84738b1aed95 ("encoding: Verify the length
of KE payload data for known groups") can't be done for IKEv1 as the KE
payload does not contain the DH group.

src/libcharon/encoding/payloads/ke_payload.c

index 644b5b6..7f3c4e4 100644 (file)
@@ -146,6 +146,12 @@ METHOD(payload_t, verify, status_t,
        diffie_hellman_group_t g = this->dh_group_number;
        bool valid = TRUE;
 
+       if (this->type == PLV1_KEY_EXCHANGE)
+       {
+               /* IKEv1 does not transmit the group */
+               return SUCCESS;
+       }
+
        switch (g)
        {
                case MODP_NONE:
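Review bot: the early return for PLV1_KEY_EXCHANGE at the top of verify() skips the whole switch on g, so an IKEv1 KE payload of any length, including an empty one, now passes verification. The comment only says that the group is not transmitted. It should also say where the length is checked for IKEv1 once the group is known from the negotiated proposal, and if no such check exists, one belongs at the point where the public value is handed to the DH implementation. A group-independent sanity check, such as rejecting zero-length key exchange data, could still run before "return SUCCESS;".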