author | Tobias Brunner <tobias@strongswan.org> | 2016-06-09 11:46:06 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-09 11:46:06 +0200 |
commit | b3a3756abe91208ebf13c436a0f9a3dff5ac7f9c (patch) | |
tree | 949cc985e03e88b8597de698bfefcfaa97c46780 /src | |
parent | 50053250201b2d81383643b91164d95d6ca5c329 (diff) | |
parent | 1ba2b015fae7b9f37500e9aff515cd532e5a8781 (diff) | |
Merge branch 'ipsec-sa-cfg-equals'
Fixes the comparison of ipsec_sa_cfg_t instances in case there is
padding that's not initialized to zero.
Fixes #1503.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 5 | ||||
-rw-r--r-- | src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/ipsec/ipsec_types.c | 16 | ||||
-rw-r--r-- | src/libstrongswan/ipsec/ipsec_types.h | 9 |
4 files changed, 29 insertions, 3 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index add4761f6..ab896a4ae 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -414,8 +414,9 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa)
 {
 return sa->src->ip_equals(sa->src, other_sa->src) &&
 sa->dst->ip_equals(sa->dst, other_sa->dst) &&
- memeq(&sa->mark, &other_sa->mark, sizeof(mark_t)) &&
- memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t));
+ sa->mark.value == other_sa->mark.value &&
+ sa->mark.mask == other_sa->mark.mask &&
+ ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg);
 }
 
 /**
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index be223b7d9..a0fd42995 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -352,7 +352,7 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa)
 {
 return sa->src->ip_equals(sa->src, other_sa->src) &&
 sa->dst->ip_equals(sa->dst, other_sa->dst) &&
- memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t));
+ ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg);
 }
 
 /**
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index f2ee11ee8..a52a1eb51 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
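Review bot: `ipsec_sa_equals()` in kernel_netlink_ipsec.c now ignores padding in `sa->cfg`, but the hash callback it is presumably paired with for the SA table lies outside this hunk. If that hash is still computed over the raw bytes of the `ipsec_sa_cfg_t`, the same uninitialised padding would send equal entries to different buckets and the lookup would still miss. It is worth confirming that the hash is built from exactly the members compared here, and recording that with a comment such as `/* must stay consistent with the SA hash: compare only members that are hashed */`. The same applies to the `ipsec_sa_equals()` hunk in kernel_pfkey_ipsec.c. The function body is fully visible in both hunks.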
@@ -40,6 +40,22 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH,
 /*
 * See header
 */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
+{
+ return a->mode == b->mode &&
+ a->reqid == b->reqid &&
+ a->policy_count == b->policy_count &&
+ a->esp.use == b->esp.use &&
+ a->esp.spi == b->esp.spi &&
+ a->ah.use == b->ah.use &&
+ a->ah.spi == b->ah.spi &&
+ a->ipcomp.transform == b->ipcomp.transform &&
+ a->ipcomp.cpi == b->ipcomp.cpi;
+}
+
+/*
+ * See header
+ */
 bool mark_from_string(const char *value, mark_t *mark)
 {
 char *endptr;
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index cbc0d089b..c93d95562 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -143,6 +143,15 @@ struct ipsec_sa_cfg_t {
 };
 
 /**
+ * Compare two ipsec_sa_cfg_t objects for equality.
+ *
+ * @param a first object
+ * @param b second object
+ * @return TRUE if both objects are equal
+ */
+bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b);
+
+/**
 * A lifetime_cfg_t defines the lifetime limits of an SA.
 *
 * Set any of these values to 0 to ignore. |
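Review bot: `ipsec_sa_cfg_equals()` lists the members by hand, so a member added to `ipsec_sa_cfg_t` later would be silently left out, and two SA configurations differing only in that member would compare equal. The struct definition is outside this hunk, so I could not confirm that the nine members compared here are the complete set. I would add a comment above the function, and a matching reminder inside the struct, along the lines of `/* compared member by member because padding may be uninitialised; extend this when adding members to ipsec_sa_cfg_t */`.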
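Review bot: The new prototype in ipsec_types.h takes non-const pointers although the definition in ipsec_types.c only reads through both of them. Declaring it as `bool ipsec_sa_cfg_equals(const ipsec_sa_cfg_t *a, const ipsec_sa_cfg_t *b);`, with the definition changed to match, lets callers holding const configs use it and states the read-only contract. The doc comment could also say that the comparison is member-wise and deliberately ignores padding, since that is the reason the function exists instead of a `memeq()` over the struct.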