ikev1: Accept SPI size of any length <= 16 in ISAKMP proposal

Fixes #533.

diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index cb9b359b3f38fb14e12b896dc7d1f5c0191ebbd6..3e35b75c650203b6e66e92c954489c2cdb567221 100644 (file)
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -361,12 +361,20 @@ METHOD(payload_t, verify, status_t,
                        }
                        break;
                case PROTO_IKE:
-                       if (this->spi.len != 0 && this->spi.len  != 8)
+                       if (this->type == PROPOSAL_SUBSTRUCTURE_V1)
                        {
-                               DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
-                               return FAILED;
+                               if (this->spi.len <= 16)
+                               {       /* according to RFC 2409, section 3.5 anything between
+                                        * 0 and 16 is fine */
+                                       break;
+                               }
                        }
-                       break;
+                       else if (this->spi.len == 0 || this->spi.len  == 8)
+                       {
+                               break;
+                       }
+                       DBG1(DBG_ENC, "invalid SPI length in IKE proposal");
+                       return FAILED;
                default:
                        break;
        }