From: Martin Willi <martin@revosec.ch>
Date: Wed, 10 Sep 2014 09:14:22 +0000 (+0200)
Subject: encoding: Accept all exchange types for non IKEv1/IKEv2 major versions
X-Git-Tag: 5.2.1dr1~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2dee0a85a6923da94d669dc5de337dc5ef1806e7;p=thirdparty%2Fstrongswan.git

encoding: Accept all exchange types for non IKEv1/IKEv2 major versions
---

diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c
index 7015667ee8..c96738a347 100644
--- a/src/libcharon/encoding/payloads/ike_header.c
+++ b/src/libcharon/encoding/payloads/ike_header.c
@@ -210,8 +210,9 @@ METHOD(payload_t, verify, status_t,
 		case TRANSACTION:
 		case QUICK_MODE:
 		case NEW_GROUP_MODE:
-			if (this->maj_version != IKEV1_MAJOR_VERSION)
+			if (this->maj_version == IKEV2_MAJOR_VERSION)
 			{
+				/* IKEv1 exchange type in IKEv2? */
 				return FAILED;
 			}
 			break;
@@ -223,14 +224,20 @@ METHOD(payload_t, verify, status_t,
 #ifdef ME
 		case ME_CONNECT:
 #endif /* ME */
-			if (this->maj_version != IKEV2_MAJOR_VERSION)
+			if (this->maj_version == IKEV1_MAJOR_VERSION)
 			{
+				/* IKEv2 exchange type in IKEv1? */
 				return FAILED;
 			}
 			break;
 		default:
-			/* unsupported exchange type */
-			return FAILED;
+			if (this->maj_version == IKEV1_MAJOR_VERSION ||
+				this->maj_version == IKEV2_MAJOR_VERSION)
+			{
+				/* unsupported exchange type for known version */
+				return FAILED;
+			}
+			break;
 	}
 	if (this->initiator_spi == 0)
 	{
@@ -501,4 +508,3 @@ ike_header_t *ike_header_create_version(int major, int minor)
 	}
 	return this;
 }
-