proposal: Don't return a default IKE proposal without encryption/AEAD algs
authorMartin Willi <martin@revosec.ch>
Fri, 16 May 2014 14:18:16 +0000 (16:18 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 16 May 2014 14:51:19 +0000 (16:51 +0200)
src/libcharon/config/proposal.c

index 48313b753a94c5c87c4d978961d3905ae6fc9ce3..4d881cd2f638c2dcfaf083a9f112fb353728c0c3 100644 (file)
@@ -627,7 +627,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
 /**
  * Add supported IKE algorithms to proposal
  */
-static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
+static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 {
        enumerator_t *enumerator;
        encryption_algorithm_t encryption;
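Review bot: The doc comment above `proposal_add_supported_ike` still reads as if the function were void and does not say what the new `bool` result means. The callers changed in this commit destroy the proposal on FALSE, so the contract is worth stating, for example `@return FALSE if no encryption/AEAD algorithm is available, TRUE otherwise`, together with an `@param aead` line for the branch selector. The function body continues outside this hunk.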
@@ -662,6 +662,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
                        }
                }
                enumerator->destroy(enumerator);
+
+               if (!array_count(this->transforms))
+               {
+                       return FALSE;
+               }
        }
        else
        {
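Review bot: `if (!array_count(this->transforms))` detects a missing AEAD algorithm only if the proposal holds no transforms when the function is entered, and the identical check in the non-AEAD branch (next hunk) relies on the same assumption. The AEAD caller visibly passes a freshly created proposal and the other caller presumably does too, so the check holds today. A proposal that already carried transforms would pass it without any encryption algorithm having been added. A short comment at both sites would record the precondition, e.g. `/* proposal is empty on entry, so no transforms means no usable cipher */`. The function starts and ends outside this hunk.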
@@ -691,6 +696,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
                }
                enumerator->destroy(enumerator);
 
+               if (!array_count(this->transforms))
+               {
+                       return FALSE;
+               }
+
                enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
                while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
                {
@@ -772,6 +782,8 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
                }
        }
        enumerator->destroy(enumerator);
+
+       return TRUE;
 }
 
 /*
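Review bot: The function returns `TRUE` unconditionally once the encryption check has passed, so a proposal that lacks one of the other transform types is still handed out. In the non-AEAD branch the signer enumeration that follows the new check may add nothing, and the part of the body not shown in these hunks presumably adds further types such as PRF and DH groups. If any of those is mandatory for IKE, the resulting proposal is as unusable as one without encryption. Consider verifying each required transform type before `return TRUE;`, or say in a comment why only encryption/AEAD is checked.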
@@ -784,7 +796,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
        switch (protocol)
        {
                case PROTO_IKE:
-                       proposal_add_supported_ike(this, FALSE);
+                       if (!proposal_add_supported_ike(this, FALSE))
+                       {
+                               destroy(this);
+                               return NULL;
+                       }
                        break;
                case PROTO_ESP:
                        add_algorithm(this, ENCRYPTION_ALGORITHM,   ENCR_AES_CBC,         128);
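Review bot: `proposal_create_default()` can now return `NULL` for `PROTO_IKE`, and its callers are not part of this commit. A caller that dereferences the result or adds it to a proposal list without a check would turn a missing crypto plugin into a NULL dereference, so each call site should be audited. The header documentation should also be updated, e.g. `@return proposal_t object, NULL if no encryption algorithm is supported`. The same applies to `proposal_create_default_aead()` in the next hunk, although its ESP case already seems to have a path that yields no proposal. Both functions extend beyond their hunks.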
@@ -820,7 +836,11 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
        {
                case PROTO_IKE:
                        this = (private_proposal_t*)proposal_create(protocol, 0);
-                       proposal_add_supported_ike(this, TRUE);
+                       if (!proposal_add_supported_ike(this, TRUE))
+                       {
+                               destroy(this);
+                               return NULL;
+                       }
                        return &this->public;
                case PROTO_ESP:
                        /* we currently don't include any AEAD proposal for ESP, as we