authorAndreas Steffen <andreas.steffen@strongswan.org>2007-04-02 19:04:51 +0000
committerAndreas Steffen <andreas.steffen@strongswan.org>2007-04-02 19:04:51 +0000
commita0c15611a41664613afb202488c6d69b15b8b7db (patch)
tree31c0c9a49b03818e2b949acbf8702cbac2a5f1d5 /src
parented284399cd504e62e1d2302d514c73378508b58a (diff)
bug fix: check existence of encryption key before sending encrypted notification
Diffstat (limited to 'src')
-rw-r--r--src/pluto/ipsec_doi.c37
1 files changed, 20 insertions, 17 deletions
diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c
index 306f7d213..1c22b299b 100644
--- a/src/pluto/ipsec_doi.c
+++ b/src/pluto/ipsec_doi.c
@@ -453,9 +453,11 @@ send_notification_from_state(struct state *st, enum state_kind state,
if (state == STATE_UNDEFINED)
state = st->st_state;
- if (IS_QUICK(state)) {
+ if (IS_QUICK(state))
+ {
p1st = find_phase1_state(st->st_connection, ISAKMP_SA_ESTABLISHED_STATES);
- if ((p1st == NULL) || (!IS_ISAKMP_SA_ESTABLISHED(p1st->st_state))) {
+ if ((p1st == NULL) || (!IS_ISAKMP_SA_ESTABLISHED(p1st->st_state)))
+ {
loglog(RC_LOG_SERIOUS,
"no Phase1 state for Quick mode notification");
return;
@@ -463,11 +465,13 @@ send_notification_from_state(struct state *st, enum state_kind state,
send_notification(st, type, p1st, generate_msgid(p1st),
st->st_icookie, st->st_rcookie, NULL, 0, PROTO_ISAKMP);
}
- else if (IS_ISAKMP_ENCRYPTED(state)) {
+ else if (IS_ISAKMP_ENCRYPTED(state) && st->st_enc_key.ptr != NULL)
+ {
send_notification(st, type, st, generate_msgid(st),
st->st_icookie, st->st_rcookie, NULL, 0, PROTO_ISAKMP);
}
- else {
+ else
+ {
/* no ISAKMP SA established - don't encrypt notification */
send_notification(st, type, NULL, 0,
st->st_icookie, st->st_rcookie, NULL, 0, PROTO_ISAKMP);
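Review bot: When `IS_ISAKMP_ENCRYPTED(state)` is true but `st->st_enc_key.ptr` is NULL, the new `else if` condition fails and control reaches the final `else`, so the notification is sent in cleartext with no log entry. That branch's comment still names only the "no ISAKMP SA established" case. A silent fall-back from an encrypted to an unencrypted informational message is worth making visible to whoever reads the code or the logs. I would reword the comment to `/* no ISAKMP SA established, or no encryption key derived yet - don't encrypt notification */` and consider adding a log line in that branch for the missing-key case. The closing brace of this `else` block and the rest of `send_notification_from_state` lie outside the hunk, so whether anything after it relies on the key cannot be checked from here.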
@@ -3509,23 +3513,22 @@ main_inR2_outI3(struct msg_digest *md)
send_cr = !no_cr_send && send_cert && !has_preloaded_public_key(st);
/* done parsing; initialize crypto */
-
compute_dh_shared(st, st->st_gr, st->st_oakley.group);
if (!generate_skeyids_iv(st))
return STF_FAIL + AUTHENTICATION_FAILED;
- if (st->nat_traversal & NAT_T_WITH_NATD)
- {
- nat_traversal_natd_lookup(md);
- }
- if (st->nat_traversal)
- {
- nat_traversal_show_result(st->nat_traversal, md->sender_port);
- }
- if (st->nat_traversal & NAT_T_WITH_KA)
- {
- nat_traversal_new_ka_event();
- }
+ if (st->nat_traversal & NAT_T_WITH_NATD)
+ {
+ nat_traversal_natd_lookup(md);
+ }
+ if (st->nat_traversal)
+ {
+ nat_traversal_show_result(st->nat_traversal, md->sender_port);
+ }
+ if (st->nat_traversal & NAT_T_WITH_KA)
+ {
+ nat_traversal_new_ka_event();
+ }
/*************** build output packet HDR*;IDii;HASH/SIG_I ***************/
/* ??? NOTE: this is almost the same as main_inI3_outR3's code */