Don't reject OPAQUE ports while verifying traffic selector substructure
authorMartin Willi <martin@revosec.ch>
Thu, 21 Feb 2013 10:45:24 +0000 (11:45 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 21 Feb 2013 10:52:33 +0000 (11:52 +0100)
src/libcharon/encoding/payloads/traffic_selector_substructure.c

index 15f791b..334823d 100644 (file)
@@ -114,7 +114,11 @@ METHOD(payload_t, verify, status_t,
 {
        if (this->start_port > this->end_port)
        {
-               return FAILED;
+               /* OPAQUE ports are the only exception */
+               if (this->start_port != 0xffff && this->end_port != 0)
+               {
+                       return FAILED;
+               }
        }
        switch (this->ts_type)
        {