From: Martin Willi
Date: Mon, 8 Oct 2012 09:09:31 +0000 (+0200)
Subject: Raise a bus alert when a received message contains unknown SPIs
X-Git-Tag: 5.0.2dr4~327
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f6f16131d0630e38dbc86d922d84e1a5285725ef;p=thirdparty%2Fstrongswan.git
Raise a bus alert when a received message contains unknown SPIs
---
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4bde2434bd..c732b8c92d 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -92,6 +92,8 @@ enum alert_t {
 ALERT_PEER_ADDR_FAILED,
 /** peer did not respond to initial message, current try (int, 0-based) */
 ALERT_PEER_INIT_UNREACHABLE,
+ /** received IKE message with invalid SPI, argument is message_t* */
+ ALERT_INVALID_IKE_SPI,
 };
 
 /**
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index a396235c2d..cccf5d0d1f 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1274,6 +1274,10 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
 }
 unlock_single_segment(this, segment);
 }
+ else
+ {
+ charon->bus->alert(charon->bus, ALERT_INVALID_IKE_SPI, message);
+ }
 id->destroy(id);
 charon->bus->set_sa(charon->bus, ike_sa);
 return ike_sa;
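Review bot: The new `else` branch in checkout_by_message raises ALERT_INVALID_IKE_SPI for a received message that matched no IKE_SA, and nothing in the hunk limits how often it fires. Such a message comes from a sender who has not been authenticated at this point, so a listener that logs, allocates or notifies on each alert could be driven at packet rate. The enum comment in bus.h is the natural place to state that contract, for example `/** received IKE message with invalid SPI; raised for unauthenticated input, possibly once per packet; argument is message_t*, owned by the caller */`. The ownership wording is an assumption, since the caller that creates and destroys `message` is not visible here. The `if` this `else` pairs with also lies outside the hunk, so which lookup failures reach the alert cannot be confirmed from the visible lines.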