Reset the encrypted flag when handling IKE messages that contain a fragment
authorTobias Brunner <tobias@strongswan.org>
Wed, 12 Dec 2012 17:18:37 +0000 (18:18 +0100)
committerTobias Brunner <tobias@strongswan.org>
Mon, 24 Dec 2012 09:24:48 +0000 (10:24 +0100)
Racoon sets the encrypted bit for messages containing a fragment, but these
messages are not really encrypted (the fragmented message is though).

src/libcharon/encoding/message.c

index 55e9f33..c0f4686 100644 (file)
@@ -1693,6 +1693,12 @@ METHOD(message_t, parse_header, status_t,
        }
        this->first_payload = ike_header->payload_interface.get_next_type(
                                                                                                &ike_header->payload_interface);
+       if (this->first_payload == FRAGMENT_V1 && this->is_encrypted)
+       {       /* racoon sets the encryted bit when sending a fragment, but these
+                * messages are really not encrypted */
+               this->is_encrypted = FALSE;
+       }
+
        for (i = 0; i < countof(this->reserved); i++)
        {
                reserved = payload_get_field(&ike_header->payload_interface,