sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

ike-init: Ignore COOKIE payloads during rekeying

Browse Source 
This ensures that process_i() only returns NEED_MORE due to multiple
key exchanges or an INVALID_KE_PAYLOAD notify.
This commit is contained in:
Tobias Brunner 2020-04-09 18:42:22 +02:00 committed by Andreas Steffen
parent ec43b6c8cd
commit 554e369e4d
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libcharon/sa/ikev2/tasks/ike_init.c
View File

@ -1327,6 +1327,12 @@ METHOD(task_t, process_i, status_t,
break; break;
case COOKIE: case COOKIE:
{ {
if (this->old_sa)
{
DBG1(DBG_IKE, "received COOKIE notify during rekeying"
", ignored");
break;
}
chunk_free(&this->cookie); chunk_free(&this->cookie);
this->cookie = chunk_clone(notify->get_notification_data(notify)); this->cookie = chunk_clone(notify->get_notification_data(notify));
this->ike_sa->reset(this->ike_sa, FALSE); this->ike_sa->reset(this->ike_sa, FALSE);