ike: Do not cache MID of IKEv2 fragments

This fails if there are unencrypted payloads before an encrypted fragment payload in the first fragment.
author: Tobias Brunner <tobias@strongswan.org> 2014-06-16 15:47:03 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2014-10-10 09:32:41 +0200
commit: 7a53fe55118ab1d3471b430a8f384f3d2525dbbb (patch)
tree: 0e13523516392908d3dbe6ba0b593457acc7cdcf
parent: c0f4936a23578625e7be7032d2a66db5d6a6c1a3 (diff)
download: strongswan-7a53fe55118ab1d3471b430a8f384f3d2525dbbb.tar.bz2
strongswan-7a53fe55118ab1d3471b430a8f384f3d2525dbbb.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 8ffa93fda..bdabc59b5 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1302,8 +1302,9 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
 
 			ike_id = entry->ike_sa->get_id(entry->ike_sa);
 			entry->checked_out = TRUE;
-			if (message->get_first_payload_type(message) != PLV1_FRAGMENT)
-			{
+			if (message->get_first_payload_type(message) != PLV1_FRAGMENT &&
+				message->get_first_payload_type(message) != PLV2_FRAGMENT)
+			{	/* TODO-FRAG: this fails if there are unencrypted payloads */
 				entry->processing = get_message_id_or_hash(message);
 			}
 			if (ike_id->get_responder_spi(ike_id) == 0)
author	Tobias Brunner <tobias@strongswan.org>	2014-06-16 15:47:03 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2014-10-10 09:32:41 +0200
commit	7a53fe55118ab1d3471b430a8f384f3d2525dbbb (patch)
tree	0e13523516392908d3dbe6ba0b593457acc7cdcf
parent	c0f4936a23578625e7be7032d2a66db5d6a6c1a3 (diff)
download	strongswan-7a53fe55118ab1d3471b430a8f384f3d2525dbbb.tar.bz2 strongswan-7a53fe55118ab1d3471b430a8f384f3d2525dbbb.tar.xz