From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 29 Mar 2019 10:05:42 +0000 (+0100)
Subject: ike-config: If we don't send a CFG_REQUEST, we don't expect a CFG_REPLY
X-Git-Tag: 5.8.0rc1~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5af924a650601bb71889ffb7663ee64cadcf7bdd;p=thirdparty%2Fstrongswan.git

ike-config: If we don't send a CFG_REQUEST, we don't expect a CFG_REPLY

Previously, attributes in an incorrectly sent CFG_REPLY would still be passed
to attribute handlers.  This does not prevent handlers from receiving
unrequested attributes if they requested at least one other.
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c
index fdccda5f55..3fb4b94461 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_config.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_config.c
@@ -317,6 +317,10 @@ METHOD(task_t, build_i, status_t,
 		{
 			message->add_payload(message, (payload_t*)cp);
 		}
+		else
+		{	/* we don't expect a CFG_REPLY */
+			return SUCCESS;
+		}
 	}
 	return NEED_MORE;
 }