From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 16 Jun 2014 13:47:03 +0000 (+0200)
Subject: ike: Do not cache MID of IKEv2 fragments
X-Git-Tag: 5.2.1rc1~12^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a53fe55118ab1d3471b430a8f384f3d2525dbbb;p=thirdparty%2Fstrongswan.git

ike: Do not cache MID of IKEv2 fragments

This fails if there are unencrypted payloads before an encrypted
fragment payload in the first fragment.
---

diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 8ffa93fda1..bdabc59b5a 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1302,8 +1302,9 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
 
 			ike_id = entry->ike_sa->get_id(entry->ike_sa);
 			entry->checked_out = TRUE;
-			if (message->get_first_payload_type(message) != PLV1_FRAGMENT)
-			{
+			if (message->get_first_payload_type(message) != PLV1_FRAGMENT &&
+				message->get_first_payload_type(message) != PLV2_FRAGMENT)
+			{	/* TODO-FRAG: this fails if there are unencrypted payloads */
 				entry->processing = get_message_id_or_hash(message);
 			}
 			if (ike_id->get_responder_spi(ike_id) == 0)