sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

ike-cert-post: Make absolutely sure certificates are only added to IKE_AUTH

Browse Source 
The AUTH payload check in build_certs() should be fine, but add some
extra checks just to make really sure and also for clarification.
This commit is contained in:
Tobias Brunner 2018-06-25 12:23:50 +02:00
parent f2e79bf334
commit 09d4497536
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/libcharon/sa/ikev2/tasks/ike_cert_post.c
View File

@ -255,8 +255,10 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
METHOD(task_t, build_i, status_t,
private_ike_cert_post_t *this, message_t *message)
{
build_certs(this, message);
if (message->get_exchange_type(message) == IKE_AUTH)
{
build_certs(this, message);
}
return NEED_MORE;
}
@ -269,8 +271,10 @@ METHOD(task_t, process_r, status_t,
METHOD(task_t, build_r, status_t,
private_ike_cert_post_t *this, message_t *message)
{
build_certs(this, message);
if (message->get_exchange_type(message) == IKE_AUTH)
{
build_certs(this, message);
}
if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
{ /* stay alive, we might have additional rounds with certs */
return NEED_MORE;