ikev2: Reject CREATE_CHILD_SA exchange on unestablished IKE_SAs

Prevents a responder peer to trick us into established state by starting
IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH.

Fixes CVE-2014-2338.

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index ac3be900fe3711df7c4c2463b52aba9333ce6f9f..a5252ab7047b8bc3be1581091d6628590df66bce 100644 (file)
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -778,6 +778,15 @@ static status_t process_request(private_task_manager_t *this,
                        case CREATE_CHILD_SA:
                        {       /* FIXME: we should prevent this on mediation connections */
                                bool notify_found = FALSE, ts_found = FALSE;
+
+                               if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
+                                       this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
+                               {
+                                       DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
+                                                "unestablished IKE_SA, rejected");
+                                       return FAILED;
+                               }
+
                                enumerator = message->create_payload_enumerator(message);
                                while (enumerator->enumerate(enumerator, &payload))
                                {