authorMike Belopuhov <mikeb@cvs.openbsd.org>2017-01-20 13:58:06 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2017-01-20 13:58:06 +0000
commit252b2db5c99ccdd2622471accd6bc9e3cce1d29d (patch)
tree424149ff306bfc6632b644e1ffeef5b5a473a7a2 /sbin
parent63a083390b01bc92016947892d396746999e175c (diff)
Closed SAs should never be treated as valid
From and OK markus@, OK reyk
Diffstat (limited to 'sbin')
-rw-r--r--sbin/iked/ikev2_msg.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index c03bab11aa0..921f223e87a 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_msg.c,v 1.46 2016/09/04 10:26:02 vgross Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.47 2017/01/20 13:58:05 mikeb Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -208,6 +208,8 @@ ikev2_msg_valid_ike_sa(struct iked *env, struct ike_header *oldhdr,
#endif
if (msg->msg_sa != NULL && msg->msg_policy != NULL) {
+ if (msg->msg_sa->sa_state == IKEV2_STATE_CLOSED)
+ return (-1);
/*
* Only permit informational requests from initiator
* on closing SAs (for DELETE).
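Review bot: The new `IKEV2_STATE_CLOSED` rejection at the top of the `msg->msg_sa != NULL && msg->msg_policy != NULL` block carries no comment, while the CLOSING case directly below documents its rule. A one-line comment above the added check, such as `/* Closed SAs are never valid, regardless of exchange type. */`, would make it clear that this test must stay ahead of the CLOSING exception. The check is also only reached when both `msg_sa` and `msg_policy` are set, so whether a closed SA without a policy is rejected depends on the code after this block. That code is outside the hunk, so it is worth confirming that the fall-through path returns -1 as well. The body of ikev2_msg_valid_ike_sa starts and ends outside the hunk.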