projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 8d289021 MT |
1 | commit eb251906298b529fa53b8a99746a9a7a9f318dd5 |
| 2 | Author: Tobias Brunner <tobias@strongswan.org> | |
| 3 | Date: Wed Feb 25 08:18:58 2015 +0100 | |
| 4 | ||
| 5 | ikev2: Don't destroy the SA if an IKE_SA_INIT with unexpected MID is received | |
| 6 | ||
| 7 | This reverts 8f727d800751 ("Clean up IKE_SA state if IKE_SA_INIT request | |
| 8 | does not have message ID 0") because it allowed to close any IKE_SA by | |
| 9 | sending an IKE_SA_INIT with an unexpected MID and both SPIs set to those | |
| 10 | of that SA. | |
| 11 | ||
| 12 | The next commit will prevent SAs from getting created for IKE_SA_INIT messages | |
| 13 | with invalid MID. | |
| 14 | ||
| 15 | Fixes #816. | |
| 16 | ||
| 17 | diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c | |
| 18 | index 48266aa..be84e71 100644 | |
| 19 | --- a/src/libcharon/sa/ikev2/task_manager_v2.c | |
| 20 | +++ b/src/libcharon/sa/ikev2/task_manager_v2.c | |
| 21 | @@ -1355,10 +1355,6 @@ METHOD(task_manager_t, process_message, status_t, | |
| 22 | { | |
| 23 | DBG1(DBG_IKE, "received message ID %d, expected %d. Ignored", | |
| 24 | mid, this->responding.mid); | |
| 25 | - if (msg->get_exchange_type(msg) == IKE_SA_INIT) | |
| 26 | - { /* clean up IKE_SA state if IKE_SA_INIT has invalid msg ID */ | |
| 27 | - return DESTROY_ME; | |
| 28 | - } | |
| 29 | } | |
| 30 | } | |
| 31 | else |