checking the size of ME_* notify payloads
authorTobias Brunner <tobias@strongswan.org>
Thu, 27 Mar 2008 10:17:29 +0000 (10:17 -0000)
committerTobias Brunner <tobias@strongswan.org>
Thu, 27 Mar 2008 10:17:29 +0000 (10:17 -0000)
src/charon/encoding/payloads/notify_payload.c
src/charon/sa/tasks/ike_me.c

index a893ab4..2391901 100644 (file)
@@ -332,7 +332,27 @@ static status_t verify(private_notify_payload_t *this)
                        }
                        break;
                }
-               /* FIXME: check size of IKE-ME payloads */
+               case ME_ENDPOINT:
+                       if (this->notification_data.len != 12 ||
+                               this->notification_data.len != 24)
+                       {
+                               bad_length = TRUE;
+                       }
+                       break;
+               case ME_CONNECTID:
+                       if (this->notification_data.len < 4 ||
+                               this->notification_data.len > 16)
+                       {
+                               bad_length = TRUE;
+                       }
+                       break;
+               case ME_CONNECTKEY:
+                       if (this->notification_data.len < 16 ||
+                               this->notification_data.len > 32)
+                       {
+                               bad_length = TRUE;
+                       }
+                       break;
                default:
                        /* TODO: verify */
                        break;
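Review bot: The ME_ENDPOINT condition `this->notification_data.len != 12 || this->notification_data.len != 24` is true for every length, because no value equals both 12 and 24, so `bad_length` is set even for well-formed endpoint notifies. Join the two comparisons with `&&`: `if (this->notification_data.len != 12 && this->notification_data.len != 24)`. As written the check fails closed: it rejects every payload rather than accepting malformed ones, so the likely effect is that mediation stops working, not that validation is bypassed. The ME_CONNECTID and ME_CONNECTKEY bounds (4..16 and 16..32) are bare literals here, while the same commit deletes the `ME_CONNECTID_MIN_LEN`/`ME_CONNECTKEY_MAX_LEN` family of defines from ike_me.c; named constants in a header shared by both files would stop the generated lengths and the accepted ranges from drifting apart. `verify()` starts and ends outside this hunk, so how `bad_length` is acted on cannot be confirmed from here.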
index 64741c6..2d6862d 100644 (file)
 #include <encoding/payloads/endpoint_notify.h>
 #include <processing/jobs/mediation_job.h>
 
-#define ME_CONNECTID_LEN 8
+#define ME_CONNECTID_LEN 4
 #define ME_CONNECTKEY_LEN 16
 
-/* FIXME: proposed values */
-#define ME_CONNECTID_MIN_LEN 4
-#define ME_CONNECTID_MAX_LEN 16
-#define ME_CONNECTKEY_MIN_LEN 8
-#define ME_CONNECTKEY_MAX_LEN 64
-
-
 typedef struct private_ike_me_t private_ike_me_t;
 
 /**