diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-10-04 17:07:30 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-02-08 15:10:51 +0100 |
| commit | cbb6885e9b86acb1c424da2b54eabc6eeaeffca5 (patch) | |
| tree | 9ce9cbf7c74f57b1509f60d63af1266d67e134b3 /src/libcharon/sa/ikev2/tasks | |
| parent | c3d98d298ec2238a8a76694587fa1f36b5a1e14c (diff) | |
| download | strongswan-cbb6885e9b86acb1c424da2b54eabc6eeaeffca5.tar.bz2 strongswan-cbb6885e9b86acb1c424da2b54eabc6eeaeffca5.tar.xz | |
ikev2: Ignore IKEV2_MESSAGE_ID_SYNC notifies if extension is disabled
If this is the first message by the peer, i.e. we expect MID 0, the
message is not pre-processed in the task manager so we ignore it in the
task.
We also make sure to ignore such messages if the extension is disabled
and the peer already sent us one INFORMATIONAL, e.g. a DPD (we'd otherwise
consider the message with MID 0 as a retransmit).
Diffstat (limited to 'src/libcharon/sa/ikev2/tasks')
| -rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_mid_sync.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mid_sync.c b/src/libcharon/sa/ikev2/tasks/ike_mid_sync.c index d7de11303..24cf276f4 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mid_sync.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mid_sync.c @@ -112,6 +112,13 @@ METHOD(task_t, pre_process, status_t, * unexpected message ID */ return SUCCESS; } + if (!this->ike_sa->supports_extension(this->ike_sa, + EXT_IKE_MESSAGE_ID_SYNC)) + { + DBG1(DBG_ENC, "unexpected %N notify, ignored", notify_type_names, + IKEV2_MESSAGE_ID_SYNC); + return FAILED; + } notify = message->get_notify(message, IKEV2_MESSAGE_ID_SYNC); reader = bio_reader_create(notify->get_notification_data(notify)); |