starter: Reject connections having both 'ah' and 'esp' keywords set

We currently don't support mixed proposals or bundles, so don't create the illusion we would.
author: Martin Willi <martin@revosec.ch> 2013-10-09 14:09:08 +0200
committer: Martin Willi <martin@revosec.ch> 2013-10-11 10:15:21 +0200
commit: e48e530b44f9d8a1dc40fc11f394eecaffc10e9e (patch)
tree: d6b1943effbc817add2775ea160f7c8ac7f234d3 /src
parent: 757343d90ecb68974dcf79458f87b6eae1ed654d (diff)
download: strongswan-e48e530b44f9d8a1dc40fc11f394eecaffc10e9e.tar.bz2
strongswan-e48e530b44f9d8a1dc40fc11f394eecaffc10e9e.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/src/starter/args.c b/src/starter/args.c
index 42deb8639..f5a617eaa 100644
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -295,6 +295,15 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
 		return FALSE;
 	}
 
+	if (token == KW_ESP || token == KW_AH)
+	{
+		if (*seen & (SEEN_KW(KW_ESP, first) | SEEN_KW(KW_AH, first)))
+		{
+			DBG1(DBG_APP, "# can't have both 'ah' and 'esp' options");
+			return FALSE;
+		}
+	}
+
 	/* set flag that this argument has been seen */
 	*seen |= SEEN_KW(token, first);
author	Martin Willi <martin@revosec.ch>	2013-10-09 14:09:08 +0200
committer	Martin Willi <martin@revosec.ch>	2013-10-11 10:15:21 +0200
commit	e48e530b44f9d8a1dc40fc11f394eecaffc10e9e (patch)
tree	d6b1943effbc817add2775ea160f7c8ac7f234d3 /src
parent	757343d90ecb68974dcf79458f87b6eae1ed654d (diff)
download	strongswan-e48e530b44f9d8a1dc40fc11f394eecaffc10e9e.tar.bz2 strongswan-e48e530b44f9d8a1dc40fc11f394eecaffc10e9e.tar.xz