
Commit 46bea1a

committed
task-manager-v2: Reject requests for incomplete IKE_SAs as initiator
Based on a patch by Thomas Egerer.
1 parent a61b1a6 commit 46bea1a


1 file changed

+54
-11
lines changed


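--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1458,6 +1458,59 @@ static bool looks_like_mid_sync(private_task_manager_t *this, message_t *msg,
 return found && !other;
 }
 
+/**
+* Check whether we should reject the given request message
+*/
+static inline bool reject_request(private_task_manager_t *this,
+message_t *msg)
+{
+ike_sa_state_t state;
+exchange_type_t type;
+ike_sa_id_t *ike_sa_id;
+bool reject = FALSE;
+
+state = this->ike_sa->get_state(this->ike_sa);
+type = msg->get_exchange_type(msg);
+
+/* reject initial messages if not received in specific states */
+switch (type)
+{
+case IKE_SA_INIT:
+reject = state != IKE_CREATED;
+break;
+case IKE_AUTH:
+reject = state != IKE_CONNECTING;
+break;
+default:
+break;
+}
+
+if (!reject)
+{
+switch (state)
+{
+/* after rekeying we only expect a DELETE in an INFORMATIONAL */
+case IKE_REKEYED:
+reject = type != INFORMATIONAL;
+break;
+/* also reject requests for half-open IKE_SAs as initiator */
+case IKE_CREATED:
+case IKE_CONNECTING:
+ike_sa_id = this->ike_sa->get_id(this->ike_sa);
+reject = ike_sa_id->is_initiator(ike_sa_id);
+break;
+default:
+break;
+}
+}
+
+if (reject)
+{
+DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N", exchange_type_names,
+type, ike_sa_state_names, state);
+}
+return reject;
+}
 /**
 * Check if a message with message ID 0 looks like it is used to synchronize
 * the message IDs and we are prepared to process it.
@@ -1483,8 +1536,6 @@ METHOD(task_manager_t, process_message, status_t,
 status_t status;
 uint32_t mid;
 bool schedule_delete_job = FALSE;
-ike_sa_state_t state;
-exchange_type_t type;
 
 charon->bus->message(charon->bus, msg, TRUE, FALSE);
 status = parse_message(this, msg);
@@ -1525,16 +1576,8 @@ METHOD(task_manager_t, process_message, status_t,
 {
 if (mid == this->responding.mid || (mid == 0 && is_mid_sync(this, msg)))
 {
-/* reject initial messages if not received in specific states,
-* after rekeying we only expect a DELETE in an INFORMATIONAL */
-type = msg->get_exchange_type(msg);
-state = this->ike_sa->get_state(this->ike_sa);
-if ((type == IKE_SA_INIT && state != IKE_CREATED) ||
-(type == IKE_AUTH && state != IKE_CONNECTING) ||
-(state == IKE_REKEYED && type != INFORMATIONAL))
+if (reject_request(this, msg))
 {
-DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N",
-exchange_type_names, type, ike_sa_state_names, state);
 return FAILED;
 }
 if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))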
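Review bot: The single log line at the end of reject_request() reads the same for all three rejection reasons, so the new initiator case (`case IKE_CREATED:` / `case IKE_CONNECTING:`) cannot be told apart in the log from an IKE_SA_INIT or IKE_AUTH that arrived in the wrong state. That branch rejects on our role rather than on the exchange type, so anyone triaging unexpected requests against a half-open IKE_SA would benefit from a message that says so, for example `DBG1(DBG_IKE, "ignoring %N for half-open IKE_SA as initiator", exchange_type_names, type);` emitted from that case. The doc comment should also state the contract, e.g. `Returns TRUE if the request must be dropped; process_message() then returns FAILED without handling it`, and note that the state switch only runs when the exchange-type check did not already reject. process_message() starts and ends outside these hunks, so what its caller does with FAILED is not visible here.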
