From: Martin Willi
Date: Fri, 16 May 2014 14:18:16 +0000 (+0200)
Subject: proposal: Don't return a default IKE proposal without encryption/AEAD algs
X-Git-Tag: 5.2.0dr5~38^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f893f278d5fe2bf43081bf5c341f9feaf3aedcb;p=thirdparty%2Fstrongswan.git
proposal: Don't return a default IKE proposal without encryption/AEAD algs
---
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 48313b753a..4d881cd2f6 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -627,7 +627,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
 /**
 * Add supported IKE algorithms to proposal
 */
-static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
+static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 {
 enumerator_t *enumerator;
 encryption_algorithm_t encryption;
@@ -662,6 +662,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 }
 enumerator->destroy(enumerator);
+
+ if (!array_count(this->transforms))
+ {
+ return FALSE;
+ }
 }
 else
 {
@@ -691,6 +696,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 enumerator->destroy(enumerator);
+ if (!array_count(this->transforms))
+ {
+ return FALSE;
+ }
+
 enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
 while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
 {
@@ -772,6 +782,8 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 }
 enumerator->destroy(enumerator);
+
+ return TRUE;
 }
 /*
@@ -784,7 +796,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 switch (protocol)
 {
 case PROTO_IKE:
- proposal_add_supported_ike(this, FALSE);
+ if (!proposal_add_supported_ike(this, FALSE))
+ {
+ destroy(this);
+ return NULL;
+ }
 break;
 case PROTO_ESP:
 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
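Review bot: The doc comment above `proposal_add_supported_ike()` still reads "Add supported IKE algorithms to proposal" although the function now returns `bool`. The result has a narrow meaning, FALSE only when no encryption or AEAD algorithm ended up in the proposal, so it is worth stating on the comment, e.g. `@return FALSE if no encryption/AEAD algorithm was added, TRUE otherwise`. The function body continues outside this hunk.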
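Review bot: `!array_count(this->transforms)` in the AEAD branch (hunk at -662) tests whether the proposal holds any transform at all, which equals "no AEAD algorithm was added" only while the proposal is empty on entry and the encryption loop runs first. The check added in the hunk at -691 for the non-AEAD branch has the same dependency. The AEAD caller visibly passes a fresh `proposal_create()` result; the setup of `this` in `proposal_create_default()` is outside the diff and should be confirmed. A short comment such as `/* transforms is empty on entry, so a zero count means no encryption algorithm was added */` would keep a later reordering from silently defeating the check.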
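Review bot: `return TRUE` at the end of `proposal_add_supported_ike()` (hunk at -772) is unconditional, so once the early returns are passed the result only vouches for the presence of an encryption or AEAD transform. If the later enumerations add nothing (the signer loop is visible in the hunk at -691, the remaining loops are outside the diff), the caller still receives a proposal that presumably cannot complete an IKE negotiation. If that case should be rejected like the missing-encryption one, a per-type check belongs after each of those loops; otherwise a comment saying the result covers encryption only would keep callers from over-trusting it.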
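Review bot: `proposal_create_default()` can now return NULL for `PROTO_IKE` (hunk at -784), which as far as this diff shows is a new failure mode for callers; the same applies to the IKE case of `proposal_create_default_aead()` in the last hunk. None of the call sites are part of this commit, so each one that dereferences the result or hands it straight to a proposal list needs a NULL check, and the declaration's documentation should say so, e.g. `@return proposal_t object, NULL if no encryption/AEAD algorithm is available`. The failure is also silent: a `DBG1(DBG_CFG, ...)` line before `return NULL` would tell an operator why no default IKE proposal was built.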
@@ -820,7 +836,11 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
 {
 case PROTO_IKE:
 this = (private_proposal_t*)proposal_create(protocol, 0);
- proposal_add_supported_ike(this, TRUE);
+ if (!proposal_add_supported_ike(this, TRUE))
+ {
+ destroy(this);
+ return NULL;
+ }
 return &this->public;
 case PROTO_ESP:
 /* we currently don't include any AEAD proposal for ESP, as we