author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2012-06-26 11:05:44 +0000 |
---|---|---|
committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2012-06-26 11:05:44 +0000 |
commit | fd9397cf91d402020a102e6012f5a9fd9111cc26 (patch) | |
tree | f580175655553b9a11f1be12d1a0e18079add7bb | |
parent | 8bd886612dae86d5754a723a05f7dc67be661901 (diff) |
close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;
don't cache the response to IKE_SA_INIT.
-rw-r--r-- | sbin/iked/ikev2.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 7cb42f9ae93..e17647192c2 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.68 2012/06/26 11:00:28 mikeb Exp $ */
+/* $OpenBSD: ikev2.c,v 1.69 2012/06/26 11:05:43 mikeb Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 /*
@@ -1680,6 +1680,7 @@ ikev2_resp_recv(struct iked *env, struct iked_message *msg,
 }
 if (ikev2_resp_ike_sa_init(env, msg) != 0) {
 log_debug("%s: failed to send init response", __func__);
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
 return;
 }
 break;
@@ -1696,6 +1697,7 @@ ikev2_resp_recv(struct iked *env, struct iked_message *msg,
 if (ikev2_ike_auth(env, sa, msg) != 0) {
 log_debug("%s: failed to send auth response", __func__);
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
 return;
 }
 break;
@@ -1842,6 +1844,7 @@ ikev2_resp_ike_sa_init(struct iked *env, struct iked_message *msg)
 goto done;
 }
+ resp.msg_sa = NULL; /* Don't save the response */
 ret = ikev2_msg_send(env, &resp);
 done: |
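Review bot: The added `sa_state(env, sa, IKEV2_STATE_CLOSED);` in the IKE_SA_INIT failure branch of ikev2_resp_recv (and the identical line in the IKE_AUTH branch of the next hunk) uses `sa` after a callee has already failed, and neither hunk shows where `sa` is assigned or whether the failing path could have released it. ikev2_resp_ike_sa_init() takes only `env` and `msg`, so it is worth confirming that `sa` is still the live object behind `msg->msg_sa` when the state change runs. The debug text also still reads "failed to send ... response" although the SA is now closed on any non-zero return; `log_debug("%s: init exchange failed, closing SA", __func__);` (and the auth equivalent) would make the teardown visible in the log. The function body starts and ends outside both hunks.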
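Review bot: `resp.msg_sa = NULL;` in ikev2_resp_ike_sa_init suppresses caching only as a side effect of how ikev2_msg_send() presumably treats a message with no SA attached, and the short comment does not say that. Anything else in the send path that reads `msg_sa` is affected as well, which cannot be checked from this hunk. I would spell out the reason in the comment, e.g. `/* IKE_SA_INIT is unauthenticated: detach the SA so ikev2_msg_send() does not cache this response */`, if that matches the intent stated in the commit message. A retransmitted IKE_SA_INIT request would then apparently be answered by rebuilding the response rather than from a cache, so that path deserves a look. The function begins before the hunk and continues past `done:`.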