[strongSwan-dev] [PATCH] fix error-type range in parsing of NOTIFY payloads

Jiri Bohac Thu, 05 Aug 2010 08:12:56 -0700

Hi,

RFC 4306, section 3.10.1,  says: "Types in the range 0 - 16383 
are intended for reporting errors"


strongSwan does not include 16383 in the range and considers
16383 a status-type instead of an error-type.

This fixes the ipv6ready IKEv2.EN.I.1.1.11.4 test case.

Index: strongswan-4.4.0/src/libcharon/sa/tasks/ike_init.c
===================================================================
--- strongswan-4.4.0.orig/src/libcharon/sa/tasks/ike_init.c     2010-03-19 
16:56:54.000000000 +0100
+++ strongswan-4.4.0/src/libcharon/sa/tasks/ike_init.c  2010-08-05 
16:26:28.000000000 +0200
@@ -468,7 +468,7 @@ static status_t process_i(private_ike_in
                                }
                                default:
                                {
-                                       if (type < 16383)
+                                       if (type <= 16383)
                                        {
                                                DBG1(DBG_IKE, "received %N 
notify error",
                                                         notify_type_names, 
type);

Regards,

-- 
Jiri Bohac <[email protected]>
SUSE Labs, SUSE CZ


_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev

[strongSwan-dev] [PATCH] fix error-type range in parsing of NOTIFY payloads

Reply via email to