diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2013-11-28 20:24:49 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2013-11-28 20:24:49 +0000 |
| commit | 1a4f421875ffdad2bef08af29e85d9bc8bf83348 (patch) | |
| tree | 666a3a2310dc7c744edd17379abcbb1afe6ab417 | |
| parent | 2adf2588b575a46151efa2cb3cfa804d58335932 (diff) | |
sa_lookup: don't compare with sh_rspi if rspi is not set
otherwise this can happen: initiator retransmits SA_INIT
with rspi of zero, sa_lookup for responder fails, and
it creates a new SA, that cannot be inserted in the SA tree
| -rw-r--r-- | sbin/iked/policy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c index 9b64aeccd6c..5df388924f3 100644 --- a/sbin/iked/policy.c +++ b/sbin/iked/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.25 2013/11/28 20:23:28 markus Exp $ */ +/* $OpenBSD: policy.c,v 1.26 2013/11/28 20:24:48 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -437,6 +437,7 @@ sa_lookup(struct iked *env, u_int64_t ispi, u_int64_t rspi, /* Validate if SPIr matches */ if ((sa->sa_hdr.sh_rspi != 0) && + (rspi != 0) && (sa->sa_hdr.sh_rspi != rspi)) return (NULL); } |