aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/network/receiver.c
diff options
context:
space:
mode:
authorThomas Egerer <thomas.egerer@secunet.com>2017-03-10 10:45:48 +0100
committerTobias Brunner <tobias@strongswan.org>2017-05-23 17:53:20 +0200
commit3a67df3b10ffb29c880823572b8fa01787931bdb (patch)
treee1e4aa76d8e8fc371ba11c22be71537d7f8709d5 /src/libcharon/network/receiver.c
parent6b9361f71418239fb0835e9ff5bf0b1816f9dc04 (diff)
downloadstrongswan-3a67df3b10ffb29c880823572b8fa01787931bdb.tar.bz2
strongswan-3a67df3b10ffb29c880823572b8fa01787931bdb.tar.xz
receiver: Restrict init limit to half-open SAs as responder
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Diffstat (limited to 'src/libcharon/network/receiver.c')
-rw-r--r--src/libcharon/network/receiver.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 1bf93ad40..8fb48281f 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -321,18 +321,16 @@ static bool cookie_required(private_receiver_t *this,
*/
static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
{
- u_int half_open, half_open_r;
+ u_int half_open;
uint32_t now;
now = time_monotonic(NULL);
half_open = charon->ike_sa_manager->get_half_open_count(
- charon->ike_sa_manager, NULL, FALSE);
- half_open_r = charon->ike_sa_manager->get_half_open_count(
charon->ike_sa_manager, NULL, TRUE);
/* check for cookies in IKEv2 */
if (message->get_major_version(message) == IKEV2_MAJOR_VERSION &&
- cookie_required(this, half_open_r, now) && !check_cookie(this, message))
+ cookie_required(this, half_open, now) && !check_cookie(this, message))
{
chunk_t cookie;