From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Tue, 19 Feb 2013 08:31:34 +0000 (+0100)
Subject: reject PB-Experimental messages with NOSKIP flag set
X-Git-Tag: 5.0.3dr2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f7cb0caf4a059efc7c9f46e088b0a36ab7ab9eb;p=thirdparty%2Fstrongswan.git

reject PB-Experimental messages with NOSKIP flag set
---

diff --git a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c
index 3a2c70f5a7..b1f6d1eaa7 100644
--- a/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c
+++ b/src/libcharon/plugins/tnccs_20/batch/pb_tnc_batch.c
@@ -386,6 +386,13 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this)
 	}
 	else
 	{
+		if (msg_type == PB_MSG_EXPERIMENTAL && noskip_flag)
+		{
+			DBG1(DBG_TNC, "reject PB-Experimental message with NOSKIP flag set");
+			msg = pb_error_msg_create_with_offset(TRUE, PEN_IETF,
+							PB_ERROR_UNSUPPORTED_MANDATORY_MSG, this->offset);
+			goto fatal;
+		}
 		if (pb_tnc_msg_infos[msg_type].has_noskip_flag != TRUE_OR_FALSE &&
 			pb_tnc_msg_infos[msg_type].has_noskip_flag != noskip_flag)
 		{