From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Tue, 24 Nov 2009 15:38:10 +0000 (+0100)
Subject: do not send all available kernel algorithms if esp string is faulty
X-Git-Tag: 4.3.6~178
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2eeab939a0eea49167c72dd0f3ec5a26f1592620;p=thirdparty%2Fstrongswan.git

do not send all available kernel algorithms if esp string is faulty
---

diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index 0429615f7d..450c507d06 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -694,12 +694,6 @@ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info,
 	/* pass aprox. number of transforms and attributes */
 	ctx_new = db_prop_new(PROTO_IPSEC_ESP, trans_cnt, trans_cnt * 2);
 
-	/*
-	 * Loop: for each element (struct esp_info) of alg_info,
-	 *       if kernel support is present then build the transform (and attrs)
-	 *       if NULL alg_info, propose everything ...
-	 */
-
 	if (alg_info)
 	{
 		int i;
@@ -710,28 +704,6 @@ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info,
 			kernel_alg_db_add(ctx_new, &tmp_esp_info, policy);
 		}
 	}
-	else
-	{
-		u_int ealg_id;
-
-		ESP_EALG_FOR_EACH_UPDOWN(ealg_id)
-		{
-			u_int aalg_id;
-
-			tmp_esp_info.esp_ealg_id = ealg_id;
-			tmp_esp_info.esp_ealg_keylen = 0;
-
-			for (aalg_id = 1; aalg_id <= SADB_AALG_MAX; aalg_id++)
-			{
-				if (ESP_AALG_PRESENT(aalg_id))
-				{
-					tmp_esp_info.esp_aalg_id = alg_info_esp_sadb2aa(aalg_id);
-					tmp_esp_info.esp_aalg_keylen = 0;
-					kernel_alg_db_add(ctx_new, &tmp_esp_info, policy);
-				}
-			}
-		}
-	}
 	prop = db_prop_get(ctx_new);
 	return ctx_new;
 }