From: Martin Willi <martin@revosec.ch>
Date: Wed, 9 Oct 2013 12:09:08 +0000 (+0200)
Subject: starter: Reject connections having both 'ah' and 'esp' keywords set
X-Git-Tag: 5.1.1rc1~48^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e48e530b44f9d8a1dc40fc11f394eecaffc10e9e;p=thirdparty%2Fstrongswan.git

starter: Reject connections having both 'ah' and 'esp' keywords set

We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
---

diff --git a/src/starter/args.c b/src/starter/args.c
index 42deb86390..f5a617eaa8 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -295,6 +295,15 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 		return FALSE;
 	}
 
+	if (token == KW_ESP || token == KW_AH)
+	{
+		if (*seen & (SEEN_KW(KW_ESP, first) | SEEN_KW(KW_AH, first)))
+		{
+			DBG1(DBG_APP, "# can't have both 'ah' and 'esp' options");
+			return FALSE;
+		}
+	}
+
 	/* set flag that this argument has been seen */
 	*seen |= SEEN_KW(token, first);