From: Tobias Brunner Date: Mon, 25 Nov 2019 14:55:54 +0000 (+0100) Subject: ikev2: Destroy IKE_SA if INVALID_SYNTAX notify is received in response X-Git-Tag: 5.8.2rc2~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a84aeb01aa6cc0c23788cccda31a796d265d9fdf;p=thirdparty%2Fstrongswan.git ikev2: Destroy IKE_SA if INVALID_SYNTAX notify is received in response RFC 7296, section 2.21.3: If a peer parsing a request notices that it is badly formatted (after it has passed the message authentication code checks and window checks) and it returns an INVALID_SYNTAX notification, then this error notification is considered fatal in both peers, meaning that the IKE SA is deleted without needing an explicit Delete payload. --- diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index 0b223d3911..6bafd42e0d 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -704,6 +704,23 @@ static status_t process_response(private_task_manager_t *this, return DESTROY_ME; } + /* handle fatal INVALID_SYNTAX notifies */ + switch (message->get_exchange_type(message)) + { + case CREATE_CHILD_SA: + case INFORMATIONAL: + if (message->get_notify(message, INVALID_SYNTAX)) + { + DBG1(DBG_IKE, "received %N notify error, destroying IKE_SA", + notify_type_names, INVALID_SYNTAX); + charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); + return DESTROY_ME; + } + break; + default: + break; + } + enumerator = array_create_enumerator(this->active_tasks); while (enumerator->enumerate(enumerator, &task)) {
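Review bot: The new check at `if (message->get_notify(message, INVALID_SYNTAX))` turns a single notify into an IKE_SA teardown, so it must only be reachable for responses that have already passed the SK payload integrity check and the message-ID window check; the RFC text quoted in the commit makes that the precondition, but nothing in the hunk shows it, and if process_response could be entered with an unauthenticated message an on-path attacker could tear down established SAs with a forged CREATE_CHILD_SA or INFORMATIONAL response. I would record the precondition where the code is, e.g. `/* handle fatal INVALID_SYNTAX notifies (RFC 7296, 2.21.3); safe only because the response is already authenticated and inside the window */`. Leaving IKE_SA_INIT and IKE_AUTH out of the switch is presumably deliberate (their tasks handle error notifies themselves), which is worth a word in the same comment so the next reader does not "fix" it. process_response starts before the hunk, so the checks that precede this point are not visible here.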