From: Martin Willi <martin@revosec.ch>
Date: Tue, 24 Mar 2015 08:37:38 +0000 (+0100)
Subject: ikev1: Inverse check when applying received KE value during Quick Mode
X-Git-Tag: 5.3.0rc1^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66147ef6700d4ad1af00083580823fa48b129408;p=thirdparty%2Fstrongswan.git

ikev1: Inverse check when applying received KE value during Quick Mode

Fixes Quick Mode negotiation when PFS is in use.
---

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index b48ace4cab..982c128514 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -493,7 +493,7 @@ static bool get_ke(private_quick_mode_t *this, message_t *message)
 		DBG1(DBG_IKE, "KE payload missing");
 		return FALSE;
 	}
-	if (this->dh->set_other_public_value(this->dh,
+	if (!this->dh->set_other_public_value(this->dh,
 								ke_payload->get_key_exchange_data(ke_payload)))
 	{
 		DBG1(DBG_IKE, "unable to apply received KE value");