Overview

File 0018-strongswan-5.4.1dr4-queue-informational-msgs.patch of Package strongswan.22505

From 1b4e7fe1e83b685b79d87dba5df42b6a852845f1 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 26 Apr 2016 12:44:49 +0200
Subject: [PATCH] ikev1: Queue INFORMATIONAL messages during XAuth

Some peers send an INITIAL_CONTACT notify after they received our XAuth
username.  The XAuth task waiting for the third XAuth message handles
this incorrectly and closes the IKE_SA as no configuration payloads are
contained in the message.  We queue the INFORMATIONAL until the XAuth
exchange is complete to avoid this issue.

Fixes #1434.
---
 src/libcharon/sa/ikev1/task_manager_v1.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 96005d7..273936c 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2013 Tobias Brunner
+ * Copyright (C) 2007-2016 Tobias Brunner
  * Copyright (C) 2007-2011 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -935,9 +935,9 @@ static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid)
 }
 
 /**
- * Check if we still have an aggressive mode task queued
+ * Check if we still have a specific task queued
  */
-static bool have_aggressive_mode_task(private_task_manager_t *this)
+static bool have_task_queued(private_task_manager_t *this, task_type_t type)
 {
 	enumerator_t *enumerator;
 	task_t *task;
@@ -946,7 +946,7 @@ static bool have_aggressive_mode_task(private_task_manager_t *this)
 	enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
 	while (enumerator->enumerate(enumerator, &task))
 	{
-		if (task->get_type(task) == TASK_AGGRESSIVE_MODE)
+		if (task->get_type(task) == type)
 		{
 			found = TRUE;
 			break;
@@ -1405,7 +1405,7 @@ METHOD(task_manager_t, process_message, status_t,
 		/* drop XAuth/Mode Config/Quick Mode messages until we received the last
 		 * Aggressive Mode message.  since Informational messages are not
 		 * retransmitted we queue them. */
-		if (have_aggressive_mode_task(this))
+		if (have_task_queued(this, TASK_AGGRESSIVE_MODE))
 		{
 			if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
 			{
@@ -1427,6 +1427,13 @@ METHOD(task_manager_t, process_message, status_t,
 			return queue_message(this, msg);
 		}
 
+		/* some peers send INITIAL_CONTACT notifies during XAuth, cache it */
+		if (have_task_queued(this, TASK_XAUTH) &&
+			msg->get_exchange_type(msg) == INFORMATIONAL_V1)
+		{
+			return queue_message(this, msg);
+		}
+
 		msg->set_request(msg, TRUE);
 		charon->bus->message(charon->bus, msg, TRUE, FALSE);
 		status = parse_message(this, msg);
-- 
1.9.1
openSUSE Build Service is sponsored by
Places