From: Volker RĂ¼melin
Date: Mon, 1 Nov 2021 13:49:16 +0000 (+0100)
Subject: ikev1: Fix prefix length of vendor ID Cisco Unity
X-Git-Tag: 5.9.5dr2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=865a387c6caafb3b19901cd7fe01db29e58db986;p=thirdparty%2Fstrongswan.git
ikev1: Fix prefix length of vendor ID Cisco Unity
Before commit 6c49ddfbca ("ike: Add additional Vendor IDs for third-party implementations") the prefix length of vendor ID Cisco Unity was hardcoded to 14. Since we need to know the actual length of this VID to send it, the length can't be overloaded with a prefix length. Revert part of commit 6c49ddfbca to fix this problem.
Fixes: 6c49ddfbca72 ("ike: Add additional Vendor IDs for third-party implementations")
---
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 863479fc01..863a6a4d48 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -105,7 +105,7 @@ static struct {
 "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
 /* CISCO-UNITY, similar to DPD the last two bytes indicate the version */
- { "Cisco Unity", EXT_CISCO_UNITY, FALSE, TRUE, 16,
+ { "Cisco Unity", EXT_CISCO_UNITY, FALSE, FALSE, 16,
 "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
 /* Proprietary IKE fragmentation extension. Capabilities are handled 
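Review bot: The comment above the Cisco Unity entry still only says that the last two bytes indicate the version, so with the prefix flag now `FALSE` the table reads as if all 16 bytes of a received VID must match. Extend the comment to point at where the shortened comparison now lives, for example `/* CISCO-UNITY, similar to DPD the last two bytes indicate the version; received VIDs are matched on the first 14 bytes in is_known_vid() */`. The table itself starts and ends outside this hunk.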
@@ -240,18 +240,24 @@ static const uint32_t fragmentation_ike = 0x80000000;
 static bool is_known_vid(chunk_t data, int i)
 {
- if (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION)
+ switch (vendor_ids[i].extension)
 {
- if (data.len >= 16 && memeq(data.ptr, vendor_ids[i].id, 16))
- {
- switch (data.len)
+ case EXT_IKE_FRAGMENTATION:
+ if (data.len >= 16 && memeq(data.ptr, vendor_ids[i].id, 16))
 {
- case 16:
- return TRUE;
- case 20:
- return untoh32(&data.ptr[16]) & fragmentation_ike;
+ switch (data.len)
+ {
+ case 16:
+ return TRUE;
+ case 20:
+ return untoh32(&data.ptr[16]) & fragmentation_ike;
+ }
 }
- }
+ return FALSE;
+ case EXT_CISCO_UNITY:
+ return data.len == 16 && memeq(data.ptr, vendor_ids[i].id, 14);
+ default:
+ break;
 }
 if (vendor_ids[i].prefix)
 {
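Review bot: The new `EXT_CISCO_UNITY` case hard-codes `16` and `14` with no explanation, and the `16` duplicates the length already stored in the table entry, so the two can drift apart if the entry is ever edited. `data` is the vendor ID payload received from the peer, and the `data.len == 16` test is what keeps the 14-byte `memeq()` inside the received buffer. A comment on that line should say so, for example `/* last two bytes are the version: require the full VID length, compare only the 14-byte prefix */`, and the literal 16 could be taken from the entry's own length field instead. is_known_vid() continues past the end of this hunk.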