From 1242a48a7283ad9a20b3b150cebe8c24b8cc98e3 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Fri, 21 Jan 2011 13:09:47 +0000
Subject: don't create child sas from empty proposals. ok mikeb@
---
 sbin/iked/ikev2.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
(limited to 'sbin/iked/ikev2.c')
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 11f11814251..4120fb8cdfc 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.36 2011/01/21 11:56:00 reyk Exp $ */
+/* $OpenBSD: ikev2.c,v 1.37 2011/01/21 13:09:46 reyk Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 /*
@@ -2136,7 +2136,7 @@ int
 ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg)
 {
 struct iked_childsa *csa;
- struct iked_proposal *prop, *mprop = msg->msg_prop;
+ struct iked_proposal *prop;
 struct iked_sa *sa = msg->msg_sa;
 struct ikev2_delete *del;
 struct ibuf *buf = NULL;
@@ -2148,7 +2148,7 @@ ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg)
 (sa->sa_stateflags & IKED_REQ_CHILDSA) == 0)
 return (0);
- if (mprop == NULL) {
+ if (msg->msg_prop == NULL) {
 log_debug("%s: no proposal specified", __func__);
 return (-1);
 }
@@ -2240,7 +2240,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg)
 initiator = sa->sa_hdr.sh_initiator ? 1 : 0;
- if (!ikev2_msg_frompeer(msg))
+ if (!ikev2_msg_frompeer(msg) || msg->msg_prop == NULL)
 return (0);
 if ((protoid = rekey->spi_protoid) == 0) {
@@ -2249,8 +2249,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg)
 * IKE SA rekeying or the client wants to create additional
 * CHILD SAs
 */
- if (msg->msg_prop &&
- msg->msg_prop->prop_protoid == IKEV2_SAPROTO_IKE) {
+ if (msg->msg_prop->prop_protoid == IKEV2_SAPROTO_IKE) {
 protoid = rekey->spi_protoid = IKEV2_SAPROTO_IKE;
 if (sa->sa_hdr.sh_initiator)
 rekey->spi = sa->sa_hdr.sh_rspi;
--
cgit v1.2.3
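Review bot: The new guard in ikev2_resp_create_child_sa (hunk at -2240) drops a peer request that carries no proposal without logging anything, and it returns the same 0 as the "not from peer" case, so the two are indistinguishable to the caller and in the debug output. The initiator path in ikev2_init_create_child_sa logs "no proposal specified" and returns -1 for the same condition. I would split the test so the empty-proposal case is visible, for example `if (msg->msg_prop == NULL) { log_debug("%s: no proposal specified", __func__); return (0); }` placed after the frompeer check. Whether 0 or -1 is the right result there depends on how the caller treats the return value, which is outside this hunk.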
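Review bot: The now-unguarded `msg->msg_prop->prop_protoid` dereference in the last hunk (at -2249) is safe only because of the early return added a few lines above it, and nothing at the dereference site records that dependency. Since msg_prop is filled from a peer-supplied message, a later reordering of those checks would turn this into a remotely reachable NULL dereference in the responder. A short comment at the test would help, for example `/* msg_prop != NULL: verified before the protoid check above */`. The rest of the function lies outside the hunk, so any later use of msg->msg_prop there should be checked against the same assumption.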