From 17ecc104fb65b0190b0e5136362fd8c9bd4abf4e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 23 Aug 2016 16:47:05 +0200 Subject: [PATCH] ikev1: Ignore the last two bytes of the Cisco Unity vendor ID These seem to indicate the major and minor version of the protocol, like e.g. for the DPD vendor ID. Some implementations seem to send versions other than 1.0 so we just ignore these for now when checking for known vendor IDs. Fixes #2088. --- src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index f28b83e8af..dc86fc5041 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -102,6 +102,7 @@ static struct { { "DPD", EXT_DPD, TRUE, 16, "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"}, + /* CISCO-UNITY, similar to DPD the last two bytes indicate the version */ { "Cisco Unity", EXT_CISCO_UNITY, FALSE, 16, "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"}, @@ -190,6 +191,8 @@ static bool is_known_vid(chunk_t data, int i) break; case EXT_MS_WINDOWS: return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16); + case EXT_CISCO_UNITY: + return data.len == 16 && memeq(data.ptr, vendor_ids[i].id, 14); default: return chunk_equals(data, chunk_create(vendor_ids[i].id, vendor_ids[i].len)); -- 2.47.2