From: Martin Willi <martin@revosec.ch>
Date: Thu, 21 Feb 2013 10:45:24 +0000 (+0100)
Subject: Don't reject OPAQUE ports while verifying traffic selector substructure
X-Git-Tag: 5.0.3dr3~41^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b443fa61231357a4c09f0bfed22be05727427cda;p=thirdparty%2Fstrongswan.git

Don't reject OPAQUE ports while verifying traffic selector substructure
---

diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index 15f791b953..334823db97 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
@@ -114,7 +114,11 @@ METHOD(payload_t, verify, status_t,
 {
 	if (this->start_port > this->end_port)
 	{
-		return FAILED;
+		/* OPAQUE ports are the only exception */
+		if (this->start_port != 0xffff && this->end_port != 0)
+		{
+			return FAILED;
+		}
 	}
 	switch (this->ts_type)
 	{