From: Martin Willi <martin@strongswan.org>
Date: Thu, 29 Oct 2009 16:37:36 +0000 (+0100)
Subject: Passing other as NULL should not always result in a match if me matches
X-Git-Tag: 4.3.6~212
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3374cb0f44f80980e0e4351973ea9c23b6f251de;p=thirdparty%2Fstrongswan.git

Passing other as NULL should not always result in a match if me matches
---

diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/charon/plugins/stroke/stroke_cred.c
index fbf4507c47..627418bd36 100644
--- a/src/charon/plugins/stroke/stroke_cred.c
+++ b/src/charon/plugins/stroke/stroke_cred.c
@@ -220,7 +220,7 @@ static bool shared_filter(shared_data_t *data,
 						  void **unused1, id_match_t *me,
 						  void **unused2, id_match_t *other)
 {
-	id_match_t my_match = ID_MATCH_ANY, other_match = ID_MATCH_ANY;
+	id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE;
 	stroke_shared_key_t *stroke = *in;
 	shared_key_t *shared = &stroke->shared;
 
@@ -237,7 +237,7 @@ static bool shared_filter(shared_data_t *data,
 	{
 		other_match = stroke->has_owner(stroke, data->other);
 	}
-	if (!my_match && !other_match)
+	if ((data->me || data->other) && (!my_match && !other_match))
 	{
 		return FALSE;
 	}