authortobhe <tobhe@cvs.openbsd.org>2019-11-15 14:14:15 +0000
committertobhe <tobhe@cvs.openbsd.org>2019-11-15 14:14:15 +0000
commitaabd816cbdb6245c3641016a9db579c33a075acd (patch)
tree37b5070878c853515421688fcd9be1b1a62868ca
parent15d0ea1920dccd1bc053bd73bd8944f152db4caf (diff)
IKEv2 message fragments of the same message have the same msg_id. When
fragmentation was added every incoming message increased the internal msg_id count. Fragments were handled with an explicit exception. Now that we have msg_valid we can increase the SA's msg_id counter only with the reconstructed message and remove the exception. ok bluhm@
-rw-r--r--sbin/iked/ikev2.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index feaf5d02fec..bd22bda0255 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.178 2019/11/13 12:24:40 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.179 2019/11/15 14:14:14 tobhe Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -521,8 +521,7 @@ ikev2_recv(struct iked *env, struct iked_message *msg)
sa_free(env, sa);
}
return;
- } else if (sa->sa_msgid_set && msg->msg_msgid == sa->sa_msgid &&
- !(sa->sa_fragments.frag_count)) {
+ } else if (sa->sa_msgid_set && msg->msg_msgid == sa->sa_msgid) {
/*
* Response is being worked on, most likely we're
* waiting for the CA process to get back to us
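Review bot: With the `frag_count` exception removed, this branch of ikev2_recv handles fragmented requests correctly only if `sa->sa_msgid` is not advanced until reassembly has finished, and nothing at the condition records that dependency. The block comment under the condition covers only the "response is being worked on" case. I would extend it with a line such as `Fragments share one msg_id; sa_msgid is only advanced for the reconstructed message, so in-flight fragments do not match here.` The branch body and the code that updates `sa_msgid` are outside this hunk, so the invariant is inferred from the commit description and should be checked against that code.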
@@ -2358,11 +2357,11 @@ ikev2_resp_recv(struct iked *env, struct iked_message *msg,
if ((sa = msg->msg_sa) == NULL)
return;
- msg->msg_valid = 1;
-
- if (sa->sa_fragments.frag_count !=0)
+ if (sa->sa_fragments.frag_count != 0)
return;
+ msg->msg_valid = 1;
+
if (msg->msg_natt && sa->sa_natt == 0) {
log_debug("%s: NAT-T message received, updated SA", __func__);
sa->sa_natt = 1;
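Review bot: The placement of `msg->msg_valid = 1` after the `sa->sa_fragments.frag_count != 0` return is now load-bearing for message-ID tracking, but the code does not say so. Going by the commit description, a fragment that returns early must leave `msg_valid` unset so the SA's msg_id counter moves only for the reconstructed message. Moving the assignment back up, or adding another early return between the two statements, would silently change retransmit and replay handling. I would add a comment above the assignment, for example `/* Only a fully reassembled message is valid; fragments must not advance the SA's msg_id. */`. The consumer of `msg_valid` is outside this hunk and ikev2_resp_recv continues past it, so the wording should be confirmed against that code.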