From: Thomas Egerer <thomas.egerer@secunet.com>
Date: Fri, 10 Mar 2017 09:45:48 +0000 (+0100)
Subject: receiver: Restrict init limit to half-open SAs as responder
X-Git-Tag: 5.5.3~34
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a67df3b10ffb29c880823572b8fa01787931bdb;p=thirdparty%2Fstrongswan.git

receiver: Restrict init limit to half-open SAs as responder

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
---

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 1bf93ad402..8fb48281f3 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -321,18 +321,16 @@ static bool cookie_required(private_receiver_t *this,
  */
 static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
 {
-	u_int half_open, half_open_r;
+	u_int half_open;
 	uint32_t now;
 
 	now = time_monotonic(NULL);
 	half_open = charon->ike_sa_manager->get_half_open_count(
-										charon->ike_sa_manager, NULL, FALSE);
-	half_open_r = charon->ike_sa_manager->get_half_open_count(
 										charon->ike_sa_manager, NULL, TRUE);
 
 	/* check for cookies in IKEv2 */
 	if (message->get_major_version(message) == IKEV2_MAJOR_VERSION &&
-		cookie_required(this, half_open_r, now) && !check_cookie(this, message))
+		cookie_required(this, half_open, now) && !check_cookie(this, message))
 	{
 		chunk_t cookie;