From: Tobias Brunner Date: Mon, 3 Aug 2015 11:30:11 +0000 (+0200) Subject: ha: Properly initialize algo variables when installing CHILD_SAs X-Git-Tag: 5.3.3dr4~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7f381ef000eb4f7687f64e967d66089085d3821;p=thirdparty%2Fstrongswan.git ha: Properly initialize algo variables when installing CHILD_SAs If AEAD algorithms are used no integrity algorithm will be received from the other HA node. But since AUTH_UNDEFINED is 1024 and not 0 this value was incorrectly added to the proposal, resulting in a failure during key derivation. The variables are now explicitly initialized to 0, as already was the case for the IKE SAs. Fixes #1051. --- diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index 75d5030846..afa0993095 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -647,7 +647,7 @@ static void process_child_add(private_ha_dispatcher_t *this, u_int32_t inbound_spi = 0, outbound_spi = 0; u_int16_t inbound_cpi = 0, outbound_cpi = 0; u_int8_t mode = MODE_TUNNEL, ipcomp = 0; - u_int16_t encr = ENCR_UNDEFINED, integ = AUTH_UNDEFINED, len = 0; + u_int16_t encr = 0, integ = 0, len = 0; u_int16_t esn = NO_EXT_SEQ_NUMBERS; u_int seg_i, seg_o; chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty;