reject PB-Experimental messages with NOSKIP flag set

author Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)
author Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)
diff --git a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c

index 3a2c70f5a7bb2b2a93d2a7b9f5760d68f3f8a5b2..b1f6d1eaa7992c0a542ec153b5c2b112a3f34500 100644 (file)
--- a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c
+++ b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c
@@ -386,6 +386,13 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
         }
         else
         {
+               if (msg_type == PB_MSG_EXPERIMENTAL && noskip_flag)
+               {
+                       DBG1(DBG_TNC, "reject PB-Experimental message with NOSKIP flag set");
+                       msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
+                                                       PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset);
+                       goto fatal;
+               }
                 if (pb_tnc_msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE &&
                         pb_tnc_msg_infos[msg_type].has_noskip_flag != noskip_flag)
                 {
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Tue, 19 Feb 2013 08:31:34 +0000 (09:31 +0100)