author | Tobias Brunner <tobias@strongswan.org> | 2011-11-25 17:59:39 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-03-20 17:31:08 +0100 |
commit | 37639e94fba52dad26f8205ac3c263b34e697720 (patch) | |
tree | ae99f223f8ddd43a71f1a4a0c39b5f5c5119b818 /src | |
parent | 29a5e0707eb6cb1fd3f23b399af8f2fa0e7efe9b (diff) | |
Handle invalid IKEv1 hashes more specifically.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/encoding/message.c | 2 | ||||
-rw-r--r-- | src/libcharon/encoding/payloads/notify_payload.h | 2 | ||||
-rw-r--r-- | src/libcharon/sa/task_manager_v1.c | 2 |
3 files changed, 4 insertions, 2 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 3b45b7608..6c6004fac 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1942,7 +1942,7 @@ METHOD(message_t, parse_body, status_t,
 DBG1(DBG_ENC, "our hash does not match received %B",
 &other_hash);
 chunk_free(&hash);
- return VERIFY_ERROR;
+ return FAILED;
 }
 DBG2(DBG_ENC, "verified IKEv1 message with hash %B", &hash);
 chunk_free(&hash);
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 1fc310962..9539231ca 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -51,6 +51,8 @@ enum notify_type_t {
 /* IKEv1 only */
 PAYLOAD_MALFORMED = 16,
 INVALID_KE_PAYLOAD = 17,
+ /* IKEv1 only */
+ INVALID_HASH_INFORMATION = 23,
 AUTHENTICATION_FAILED = 24,
 SINGLE_PAIR_REQUIRED = 34,
 NO_ADDITIONAL_SAS = 35,
diff --git a/src/libcharon/sa/task_manager_v1.c b/src/libcharon/sa/task_manager_v1.c
index c1868f224..5c9c926d8 100644
--- a/src/libcharon/sa/task_manager_v1.c
+++ b/src/libcharon/sa/task_manager_v1.c
@@ -717,7 +717,7 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg)
 case FAILED:
 DBG1(DBG_IKE, "integrity check failed");
 send_notify_response(this, msg,
- PAYLOAD_MALFORMED, chunk_empty);
+ INVALID_HASH_INFORMATION, chunk_empty);
 break;
 case INVALID_STATE:
 DBG1(DBG_IKE, "found encrypted message, but no keys available"); |
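Review bot: In the message.c hunk, the hash-mismatch path of parse_body now returns `FAILED` instead of `VERIFY_ERROR`, and nothing at the return site explains why. That changes the status contract every caller of parse_body sees. The diffstat shows only task_manager_v1.c being adjusted, so any other caller that switches on the result should be checked for a `VERIFY_ERROR` branch that used to catch this case. I would add a comment above the return, for example `/* hash mismatch is an integrity failure: FAILED lets the IKEv1 task manager answer with INVALID_HASH_INFORMATION */`, and list the IKEv1 hash mismatch under `FAILED` in the method's documented return values. parse_body starts and ends outside this hunk, so the hash comparison itself is not visible here.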
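Review bot: In the notify_payload.h hunk, `INVALID_HASH_INFORMATION = 23` is added to `notify_type_t`, but the diffstat touches no other notify_payload file. If the printable name table for this enum (presumably `notify_type_names` in notify_payload.c) is built from contiguous value ranges, the new value needs an entry there. Otherwise logs will show the notify as an unnamed number, which makes integrity-failure events harder to spot during triage. The added `/* IKEv1 only */` comment also repeats the one three lines above; if the intent is to mark only PAYLOAD_MALFORMED and the new value, a per-line trailing comment such as `INVALID_HASH_INFORMATION = 23, /* IKEv1 only */` would be less ambiguous. The enum body continues outside the hunk.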
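Review bot: In the task_manager_v1.c hunk, `case FAILED:` now answers every `FAILED` result from message parsing with `INVALID_HASH_INFORMATION`, not only the hash mismatch that message.c starts reporting in this commit. If parsing can return `FAILED` for another reason (not visible here), the peer gets a misleading notify; a comment such as `/* FAILED: IKEv1 hash verification failed in parse_body */` would record the assumption. The reply is also sent for a message that has just failed its integrity check, so its sender is unauthenticated at this point. It is worth confirming that `send_notify_response` is bounded or rate-limited for such messages, since the more specific code tells the sender which check rejected it. parse_message starts and ends outside the hunk.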