From: Martin Willi <martin@revosec.ch>
Date: Mon, 23 Sep 2013 14:23:54 +0000 (+0200)
Subject: libipsec: remove extra RFC4303 TFC padding appended to inner payload
X-Git-Tag: 5.1.1rc1~47^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=293515f95cf5587c727e40e738739cfe7cdf7626;p=thirdparty%2Fstrongswan.git

libipsec: remove extra RFC4303 TFC padding appended to inner payload
---

diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c
index 41e364379d..ede9d100a1 100644
--- a/src/libipsec/ip_packet.c
+++ b/src/libipsec/ip_packet.c
@@ -139,6 +139,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
 				goto failed;
 			}
 			ip = (struct ip*)packet.ptr;
+			/* remove any RFC 4303 TFC extra padding */
+			packet.len = min(packet.len, untoh16(&ip->ip_len));
+
 			src = host_create_from_chunk(AF_INET,
 										 chunk_from_thing(ip->ip_src), 0);
 			dst = host_create_from_chunk(AF_INET,
@@ -157,6 +160,9 @@ ip_packet_t *ip_packet_create(chunk_t packet)
 				goto failed;
 			}
 			ip = (struct ip6_hdr*)packet.ptr;
+			/* remove any RFC 4303 TFC extra padding */
+			packet.len = min(packet.len, untoh16(&ip->ip6_plen));
+
 			src = host_create_from_chunk(AF_INET6,
 										 chunk_from_thing(ip->ip6_src), 0);
 			dst = host_create_from_chunk(AF_INET6,