From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 4 Nov 2014 17:24:16 +0000 (+0100)
Subject: ikev1: Accept IPComp proposals with 4 octet long CPI values
X-Git-Tag: 5.2.2rc1~30
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=4141f0167191eacfbeee26a7dfad749529ee866b;p=thirdparty%2Fstrongswan.git

ikev1: Accept IPComp proposals with 4 octet long CPI values

While they SHOULD be sent as 16-bit values according to RFC 3173
a responder MUST be able to accept CPI values encoded in four bytes.
---

diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 53e8cf3ad3..fb9e7856eb 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -345,7 +345,7 @@ METHOD(payload_t, verify, status_t,
 	switch (this->protocol_id)
 	{
 		case PROTO_IPCOMP:
-			if (this->spi.len != 2)
+			if (this->spi.len != 2 && this->spi.len != 4)
 			{
 				DBG1(DBG_ENC, "invalid CPI length in IPCOMP proposal");
 				return FAILED;
@@ -536,7 +536,7 @@ METHOD(proposal_substructure_t, get_cpi, bool,
 		{
 			if (cpi)
 			{
-				*cpi = *((u_int16_t*)this->spi.ptr);
+				*cpi = htons(untoh16(this->spi.ptr + this->spi.len - 2));
 			}
 			enumerator->destroy(enumerator);
 			return TRUE;