sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-05 00:00:45 -04:00
Code Issues Projects Releases Wiki Activity

ike-init: Ignore COOKIE payloads during rekeying

Browse Source 
This ensures that process_i() only returns NEED_MORE due to multiple
key exchanges or an INVALID_KE_PAYLOAD notify.
This commit is contained in:
Tobias Brunner 2020-04-09 18:42:22 +02:00 committed by Andreas Steffen
parent 8378077602
commit 4afd6d1726
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libcharon/sa/ikev2/tasks/ike_init.c
View File

@ -1327,6 +1327,12 @@ METHOD(task_t, process_i, status_t,
break;
case COOKIE:
{
if (this->old_sa)
{
DBG1(DBG_IKE, "received COOKIE notify during rekeying"
", ignored");
break;
}
chunk_free(&this->cookie);
this->cookie = chunk_clone(notify->get_notification_data(notify));
this->ike_sa->reset(this->ike_sa, FALSE);