From: Martin Willi <martin@revosec.ch>
Date: Wed, 10 Nov 2010 14:34:38 +0000 (+0100)
Subject: Check for exceeded payload count even if we have a found one flagged as sufficient
X-Git-Tag: 4.5.1~295
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fea3aa5d12a7ab90df762256010f8be468d6a5ae;p=thirdparty%2Fstrongswan.git

Check for exceeded payload count even if we have a found one flagged as sufficient
---

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index f4cb5b0e13..913b57c62e 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1295,6 +1295,7 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
  */
 static status_t verify(private_message_t *this)
 {
+	bool complete = FALSE;
 	int i;
 
 	DBG2(DBG_ENC, "verifying message structure");
@@ -1343,15 +1344,15 @@ static status_t verify(private_message_t *this)
 		}
 		enumerator->destroy(enumerator);
 
-		if (found < rule->min_occurence)
+		if (!complete && found < rule->min_occurence)
 		{
 			DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
 				 payload_type_names, rule->type, rule->min_occurence, found);
 			return VERIFY_ERROR;
 		}
-		if (rule->sufficient)
+		if (found && rule->sufficient)
 		{
-			return SUCCESS;
+			complete = TRUE;
 		}
 	}
 	return SUCCESS;