From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 22 Apr 2015 12:19:54 +0000 (+0200)
Subject: redirect-manager: Verify type of returned gateway ID
X-Git-Tag: 5.4.0dr8~12^2~29
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa5cfbdcbfdda3417a6d963c7d69c41746240dc4;p=thirdparty%2Fstrongswan.git

redirect-manager: Verify type of returned gateway ID
---

diff --git a/src/libcharon/sa/redirect_manager.c b/src/libcharon/sa/redirect_manager.c
index dfc71e1065..e37c26f0d8 100644
--- a/src/libcharon/sa/redirect_manager.c
+++ b/src/libcharon/sa/redirect_manager.c
@@ -75,7 +75,18 @@ static bool should_redirect(private_redirect_manager_t *this, ike_sa_t *ike_sa,
 		bool (**method)(void*,ike_sa_t*,identification_t**) = provider + offset;
 		if (*method && (*method)(provider, ike_sa, gateway))
 		{
-			redirect = TRUE;
+			switch (*gateway ? (*gateway)->get_type(*gateway) : 0)
+			{
+				case ID_IPV4_ADDR:
+				case ID_IPV6_ADDR:
+				case ID_FQDN:
+					redirect = TRUE;
+					break;
+				default:
+					DBG1(DBG_CFG, "redirect provider returned invalid gateway");
+					DESTROY_IF(*gateway);
+					continue;
+			}
 			break;
 		}
 	}