From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 14 Oct 2014 12:05:48 +0000 (+0200)
Subject: ip-packet: Fix removal of TFC padding for IPv6
X-Git-Tag: 5.2.1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15dee933de7d0e9060da90a821257f731c8f0414;p=thirdparty%2Fstrongswan.git

ip-packet: Fix removal of TFC padding for IPv6

The IPv6 length field denotes the payload length after the 40 bytes header.

Fixes: 293515f95cf5 ("libipsec: remove extra RFC4303 TFC padding appended to inner payload")
---

diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 8065262927..0998efa9d2 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -247,7 +247,7 @@ ip_packet_t *ip_packet_create(chunk_t packet)
 			}
 			ip = (struct ip6_hdr*)packet.ptr;
 			/* remove any RFC 4303 TFC extra padding */
-			packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+			packet.len = min(packet.len, 40 + untoh16(&ip->ip6_plen));
 			/* we only handle packets without extension headers, just skip the
 			 * basic IPv6 header */
 			payload = chunk_skip(packet, 40);