author | Hakan Olsson <ho@cvs.openbsd.org> | 2003-06-15 10:32:16 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2003-06-15 10:32:16 +0000 |
commit | eac3b9622068e1035c7d1974494a272c26427fe7 (patch) | |
tree | 36e66450f2abac0659ebcd4d05682d5b0a9fc213 /sbin | |
parent | 7292f7ad65633848de2da67302fa2729e6b32dae (diff) |
ID copying should happen earlier in exchange_finalize so that we won't lose
data during rekeying. From Jean-Francois Dive.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/isakmpd/exchange.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 0b3e8cf0493..b5cd9ffdabc 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.82 2003/06/10 16:41:29 deraadt Exp $ */
+/* $OpenBSD: exchange.c,v 1.83 2003/06/15 10:32:15 ho Exp $ */
 /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
 
 /*
@@ -1396,6 +1396,25 @@ exchange_finalize (struct message *msg)
 exchange_dump ("exchange_finalize", exchange);
 #endif
 
+ /* Copy the ID from phase 1 to exchange or phase 2 SA. */
+ if (msg->isakmp_sa)
+ {
+ if (exchange->id_i && exchange->id_r)
+ {
+ ipsec_clone_id (&msg->isakmp_sa->id_i, &msg->isakmp_sa->id_i_len,
+ exchange->id_i, exchange->id_i_len);
+ ipsec_clone_id (&msg->isakmp_sa->id_r, &msg->isakmp_sa->id_r_len,
+ exchange->id_r, exchange->id_r_len);
+ }
+ else if (msg->isakmp_sa->id_i && msg->isakmp_sa->id_r)
+ {
+ ipsec_clone_id (&exchange->id_i, &exchange->id_i_len,
+ msg->isakmp_sa->id_i, msg->isakmp_sa->id_i_len);
+ ipsec_clone_id (&exchange->id_r, &exchange->id_r_len,
+ msg->isakmp_sa->id_r, msg->isakmp_sa->id_r_len);
+ }
+ }
+
 /*
 * Walk over all the SAs and noting them as ready. If we set the
 * COMMIT bit, tell the peer each SA is connected.
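Review bot: The four `ipsec_clone_id` calls in the added block are bare statements, so any failure they report is ignored, and the block now runs before the loop that marks the SAs as ready. `ipsec_clone_id` is not defined in this hunk; if it allocates and can fail, a failed copy could leave the ISAKMP SA or the exchange with only one of `id_i`/`id_r` populated, and finalization would still proceed with an incomplete identity pair. Consider checking each call and logging or stopping finalization on failure. It would also help to record the ordering constraint the commit message describes with a comment such as `/* Must run before the SA walk below so the IDs survive rekeying. */`. `exchange_finalize` begins and ends outside the hunk.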
@@ -1501,25 +1520,6 @@ exchange_finalize (struct message *msg)
 ->transport)));
 }
 
- /* Copy the ID from phase 1 to exchange or phase 2 SA. */
- if (msg->isakmp_sa)
- {
- if (exchange->id_i && exchange->id_r)
- {
- ipsec_clone_id (&msg->isakmp_sa->id_i, &msg->isakmp_sa->id_i_len,
- exchange->id_i, exchange->id_i_len);
- ipsec_clone_id (&msg->isakmp_sa->id_r, &msg->isakmp_sa->id_r_len,
- exchange->id_r, exchange->id_r_len);
- }
- else if (msg->isakmp_sa->id_i && msg->isakmp_sa->id_r)
- {
- ipsec_clone_id (&exchange->id_i, &exchange->id_i_len,
- msg->isakmp_sa->id_i, msg->isakmp_sa->id_i_len);
- ipsec_clone_id (&exchange->id_r, &exchange->id_r_len,
- msg->isakmp_sa->id_r, msg->isakmp_sa->id_r_len);
- }
- }
-
 exchange->doi->finalize_exchange (msg);
 if (exchange->finalize)
 exchange->finalize (exchange, exchange->finalize_arg, 0); |