From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 21 May 2015 12:45:52 +0000 (+0200)
Subject: ikev2: Allow tasks to verify response messages before processing them
X-Git-Tag: 5.4.0dr8~12^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b83619310047f5de426217ed32ca3dbe2bb338e;p=thirdparty%2Fstrongswan.git

ikev2: Allow tasks to verify response messages before processing them
---

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index feddada4d4..1b37b453d4 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2014 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2007-2010 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -662,6 +662,32 @@ static status_t process_response(private_task_manager_t *this,
 		return DESTROY_ME;
 	}
 
+	enumerator = array_create_enumerator(this->active_tasks);
+	while (enumerator->enumerate(enumerator, &task))
+	{
+		if (!task->pre_process)
+		{
+			continue;
+		}
+		switch (task->pre_process(task, message))
+		{
+			case SUCCESS:
+				break;
+			case FAILED:
+			default:
+				/* just ignore the message */
+				DBG1(DBG_IKE, "ignore invalid %N response",
+					 exchange_type_names, message->get_exchange_type(message));
+				enumerator->destroy(enumerator);
+				return SUCCESS;
+			case DESTROY_ME:
+				/* critical failure, destroy IKE_SA */
+				enumerator->destroy(enumerator);
+				return DESTROY_ME;
+		}
+	}
+	enumerator->destroy(enumerator);
+
 	/* catch if we get resetted while processing */
 	this->reset = FALSE;
 	enumerator = array_create_enumerator(this->active_tasks);