From: Tobias Brunner
Date: Wed, 10 Jun 2015 13:53:08 +0000 (+0200)
Subject: ikev2: Drop IKE_SA_INIT messages that don't have the initiator flag set
X-Git-Tag: 5.3.3rc1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47a340e1f7fb2f6e05d7ca350969c4b4e0680cdf;p=thirdparty%2Fstrongswan.git

ikev2: Drop IKE_SA_INIT messages that don't have the initiator flag set

While this doesn't really create any problems, it is not 100% correct to accept such messages because, of course, the sender of an IKE_SA_INIT request is always the original initiator of an IKE_SA.

We currently don't check the flag later, so we wouldn't notice if the peer doesn't set it in later messages (ike_sa_id_t.equals doesn't compare it anymore since we added support for IKEv1, in particular since 17ec1c74de).
---
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 6902c48478..076233260f 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -542,7 +542,9 @@ static job_requeue_t receive_packets(private_receiver_t *this) if (message->get_request(message) && message->get_exchange_type(message) == IKE_SA_INIT) { - if (this->initiator_only || drop_ike_sa_init(this, message)) + id = message->get_ike_sa_id(message); + if (this->initiator_only || !id->is_initiator(id) || + drop_ike_sa_init(this, message)) { message->destroy(message); return JOB_REQUEUE_DIRECT;
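Review bot: the new `!id->is_initiator(id)` condition in the receiver.c:542 hunk drops the packet without any log output in the visible lines, so a peer that sends IKE_SA_INIT requests with the initiator flag cleared simply sees them vanish and the responder leaves no trace of why; a `DBG1(DBG_NET, ...)` naming the sender before `message->destroy(message)` would make that diagnosable. Two smaller points: the declaration of `id` is not in the hunk's context, so confirm `ike_sa_id_t *id` is already declared in `receive_packets()` rather than finding out from the compiler; and since the commit message itself says the flag is not checked on later exchanges, a one-line comment at the check noting that only IKE_SA_INIT requests are covered would stop the next reader from assuming the flag is validated everywhere.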