Overview

File strongswan-4.x.x_invalid_ike_state.patch of Package strongswan

commit a627e31f463367d83be5814aff8ddbceb725f4ed
Author: Martin Willi <martin@strongswan.org>
Date:   Thu May 7 15:53:45 2009 +0200

    properly delete IKE_SA if IKE_SA_INIT processing failed

diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index b8e8213..126011e 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -1424,6 +1424,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
 			 exchange_type_names, message->get_exchange_type(message),
 			 message->get_request(message) ? "request" : "response",
 			 message->get_message_id(message));
+		
+		if (this->state == IKE_CREATED)
+		{	/* invalid initiation attempt, close SA */
+			return DESTROY_ME;
+		}
 		return status;
 	}
 	else
openSUSE Build Service is sponsored by
Places