Raise a bus alert when a received message contains unknown SPIs

author: Martin Willi <martin@revosec.ch> 2012-10-08 11:09:31 +0200
committer: Martin Willi <martin@revosec.ch> 2012-10-24 11:34:30 +0200
commit: f6f16131d0630e38dbc86d922d84e1a5285725ef (patch)
tree: 6bda3432052f9724450bda0bc3aa53e93280ce2a /src
parent: 47904e3c746aebd7e37947e9827c33de700833fb (diff)
download: strongswan-f6f16131d0630e38dbc86d922d84e1a5285725ef.tar.bz2
strongswan-f6f16131d0630e38dbc86d922d84e1a5285725ef.tar.xz
2 files changed, 6 insertions, 0 deletions
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4bde2434b..c732b8c92 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -92,6 +92,8 @@ enum alert_t {
 	ALERT_PEER_ADDR_FAILED,
 	/** peer did not respond to initial message, current try (int, 0-based) */
 	ALERT_PEER_INIT_UNREACHABLE,
+	/** received IKE message with invalid SPI, argument is message_t* */
+	ALERT_INVALID_IKE_SPI,
 };
 
 /**
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index a396235c2..cccf5d0d1 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1274,6 +1274,10 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
 		}
 		unlock_single_segment(this, segment);
 	}
+	else
+	{
+		charon->bus->alert(charon->bus, ALERT_INVALID_IKE_SPI, message);
+	}
 	id->destroy(id);
 	charon->bus->set_sa(charon->bus, ike_sa);
 	return ike_sa;
author	Martin Willi <martin@revosec.ch>	2012-10-08 11:09:31 +0200
committer	Martin Willi <martin@revosec.ch>	2012-10-24 11:34:30 +0200
commit	f6f16131d0630e38dbc86d922d84e1a5285725ef (patch)
tree	6bda3432052f9724450bda0bc3aa53e93280ce2a /src
parent	47904e3c746aebd7e37947e9827c33de700833fb (diff)
download	strongswan-f6f16131d0630e38dbc86d922d84e1a5285725ef.tar.bz2 strongswan-f6f16131d0630e38dbc86d922d84e1a5285725ef.tar.xz