libipsec: remove extra RFC4303 TFC padding appended to inner payload

author Martin Willi <martin@revosec.ch>

Mon, 23 Sep 2013 14:23:54 +0000 (16:23 +0200)

committer Martin Willi <martin@revosec.ch>

Fri, 11 Oct 2013 08:23:17 +0000 (10:23 +0200)
author Martin Willi <martin@revosec.ch>
Mon, 23 Sep 2013 14:23:54 +0000 (16:23 +0200)
committer Martin Willi <martin@revosec.ch>
Fri, 11 Oct 2013 08:23:17 +0000 (10:23 +0200)
diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c

index 41e364379d22676a3a78b89063a1523744c6ed0b..ede9d100a18783273c19ec43e6131131fb2d33d2 100644 (file)
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -139,6 +139,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
                                 goto failed;
                         }
                         ip = (struct ip*)packet.ptr;
+                       /* remove any RFC 4303 TFC extra padding */
+                       packet.len = min(packet.len, untoh16(&ip->ip_len));
+
                         src = host_create_from_chunk(AF_INET,
                                                                                  chunk_from_thing(ip->ip_src), 0);
                         dst = host_create_from_chunk(AF_INET,
@@ -157,6 +160,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
                                 goto failed;
                         }
                         ip = (struct ip6_hdr*)packet.ptr;
+                       /* remove any RFC 4303 TFC extra padding */
+                       packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+
                         src = host_create_from_chunk(AF_INET6,
                                                                                  chunk_from_thing(ip->ip6_src), 0);
                         dst = host_create_from_chunk(AF_INET6,
author	Martin Willi <martin@revosec.ch>
	Mon, 23 Sep 2013 14:23:54 +0000 (16:23 +0200)
committer	Martin Willi <martin@revosec.ch>
	Fri, 11 Oct 2013 08:23:17 +0000 (10:23 +0200)