From 2ed5f5693d80ee2602d672e17f2210b6fbc3f0a1 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 20 Mar 2015 16:32:56 +0100
Subject: [PATCH] encoding: Don't verify length of IKEv1 KE payloads

The verification introduced with 84738b1aed95 ("encoding: Verify the length of KE payload data for known groups") can't be done for IKEv1 as the KE payload does not contain the DH group.
---
 src/libcharon/encoding/payloads/ke_payload.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 644b5b6f9..7f3c4e400 100644
--- a/src/libcharon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
@@ -146,6 +146,12 @@ METHOD(payload_t, verify, status_t,
 	diffie_hellman_group_t g = this->dh_group_number;
 	bool valid = TRUE;
 
+	if (this->type == PLV1_KEY_EXCHANGE)
+	{
+		/* IKEv1 does not transmit the group */
+		return SUCCESS;
+	}
+
 	switch (g)
 	{
 		case MODP_NONE:
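Review bot: The early `return SUCCESS` for `PLV1_KEY_EXCHANGE` leaves IKEv1 key exchange data with no length check at all at parse time. The code that later applies the peer's public value therefore has to validate its size against the DH group negotiated in the SA, and the hunk does not show whether such a check exists, so this should be confirmed before relying on it. The comment should record that dependency, for example `/* IKEv1 does not transmit the group; the length must be checked against the negotiated group where the public value is consumed */`. A group-independent sanity check, such as rejecting an empty key exchange value, could still run before returning. verify() begins before and continues past this hunk.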