ikev2: Ignore COOKIE notifies we already received

author Tobias Brunner <tobias@strongswan.org>

Wed, 28 Nov 2018 14:52:27 +0000 (15:52 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Fri, 7 Dec 2018 09:25:30 +0000 (10:25 +0100)
author Tobias Brunner <tobias@strongswan.org>
Wed, 28 Nov 2018 14:52:27 +0000 (15:52 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Fri, 7 Dec 2018 09:25:30 +0000 (10:25 +0100)
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c

index b5086182b459db81b7a53df35218ec46543cd611..b570904e21afaa0114bde653e817fda8c17ec508 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -890,6 +890,20 @@ METHOD(task_t, pre_process_i, status_t,
  
                         switch (type)
                         {
+                               case COOKIE:
+                               {
+                                       chunk_t cookie;
+
+                                       cookie = notify->get_notification_data(notify);
+                                       if (chunk_equals(cookie, this->cookie))
+                                       {
+                                               DBG1(DBG_IKE, "ignore response with duplicate COOKIE "
+                                                        "notify");
+                                               enumerator->destroy(enumerator);
+                                               return FAILED;
+                                       }
+                                       break;
+                               }
                                 case REDIRECT:
                                 {
                                         identification_t *gateway;
author	Tobias Brunner <tobias@strongswan.org>
	Wed, 28 Nov 2018 14:52:27 +0000 (15:52 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Fri, 7 Dec 2018 09:25:30 +0000 (10:25 +0100)