Check for exceeded payload count even if we have a found one flagged as sufficient

author Martin Willi <martin@revosec.ch>

Wed, 10 Nov 2010 14:34:38 +0000 (15:34 +0100)

committer Martin Willi <martin@revosec.ch>

Wed, 5 Jan 2011 15:45:43 +0000 (16:45 +0100)
author Martin Willi <martin@revosec.ch>
Wed, 10 Nov 2010 14:34:38 +0000 (15:34 +0100)
committer Martin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:45:43 +0000 (16:45 +0100)
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c

index f4cb5b0e13819ed2f2a5da8cce94af66ffce3788..913b57c62ebdc90fb4f7e085c120215ce6ef81b0 100644 (file)
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1295,6 +1295,7 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
   */
  static status_t verify(private_message_t *this)
  {
+       bool complete = FALSE;
         int i;
  
         DBG2(DBG_ENC, "verifying message structure");
@@ -1343,15 +1344,15 @@ static status_t verify(private_message_t *this)
                 }
                 enumerator->destroy(enumerator);
  
-               if (found < rule->min_occurence)
+               if (!complete && found < rule->min_occurence)
                 {
                         DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
                                  payload_type_names, rule->type, rule->min_occurence, found);
                         return VERIFY_ERROR;
                 }
-               if (rule->sufficient)
+               if (found && rule->sufficient)
                 {
-                       return SUCCESS;
+                       complete = TRUE;
                 }
         }
         return SUCCESS;
author	Martin Willi <martin@revosec.ch>
	Wed, 10 Nov 2010 14:34:38 +0000 (15:34 +0100)
committer	Martin Willi <martin@revosec.ch>
	Wed, 5 Jan 2011 15:45:43 +0000 (16:45 +0100)