From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 25 May 2016 07:42:08 +0000 (+0200)
Subject: ike: Don't trigger message hook when fragmenting pre-generated messages
X-Git-Tag: 5.5.0dr1~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e35bb6e9462aa90c0ac508a1083d411762015c1e;p=thirdparty%2Fstrongswan.git

ike: Don't trigger message hook when fragmenting pre-generated messages

This is the case for the IKE_SA_INIT and the initial IKEv1 messages, which
are pre-generated in tasks as at least parts of it are used to generate
the AUTH payload.  The IKE_SA_INIT message will never be fragmented, but
the IKEv1 messages might be, so we can't just call generate_message().

Fixes #1478.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 3a236519b5..b7d71e4d6d 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1203,6 +1203,7 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t,
 	packet_t *packet;
 	status_t status;
 	bool use_frags = FALSE;
+	bool pre_generated = FALSE;
 
 	if (this->ike_cfg)
 	{
@@ -1237,14 +1238,21 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t,
 		return SUCCESS;
 	}
 
+	pre_generated = message->is_encoded(message);
 	this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
 	message->set_ike_sa_id(message, this->ike_sa_id);
-	charon->bus->message(charon->bus, message, FALSE, TRUE);
+	if (!pre_generated)
+	{
+		charon->bus->message(charon->bus, message, FALSE, TRUE);
+	}
 	status = message->fragment(message, this->keymat, this->fragment_size,
 							   &fragments);
 	if (status == SUCCESS)
 	{
-		charon->bus->message(charon->bus, message, FALSE, FALSE);
+		if (!pre_generated)
+		{
+			charon->bus->message(charon->bus, message, FALSE, FALSE);
+		}
 		*packets = enumerator_create_filter(fragments, (void*)filter_fragments,
 											this, NULL);
 	}