From: Martin Willi <martin@revosec.ch>
Date: Fri, 9 Dec 2011 14:18:23 +0000 (+0100)
Subject: Reject quick modes if IKE_SA not yet established
X-Git-Tag: 5.0.0~338^2~9^2~271
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a22b9e4f3385072edc2faa8ae28fb1c935d95266;p=thirdparty%2Fstrongswan.git

Reject quick modes if IKE_SA not yet established
---

diff --git a/src/libcharon/sa/task_manager_v1.c b/src/libcharon/sa/task_manager_v1.c
index c012295641..7fda51eeb1 100755
--- a/src/libcharon/sa/task_manager_v1.c
+++ b/src/libcharon/sa/task_manager_v1.c
@@ -592,6 +592,12 @@ static status_t process_request(private_task_manager_t *this,
 				/* TODO-IKEv1: agressive mode */
 				return FAILED;
 			case QUICK_MODE:
+				if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
+				{
+					DBG1(DBG_IKE, "received quick mode request for "
+						 "unestablished IKE_SA, ignored");
+					return FAILED;
+				}
 				task = (task_t *)quick_mode_create(this->ike_sa, NULL,
 												   NULL, NULL);
 				this->passive_tasks->insert_last(this->passive_tasks, task);