ikev2: Drop IKE_SA_INIT messages that don't have the initiator flag set
authorTobias Brunner <tobias@strongswan.org>
Wed, 10 Jun 2015 13:53:08 +0000 (15:53 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 14:05:02 +0000 (16:05 +0200)
commit47a340e1f7fb2f6e05d7ca350969c4b4e0680cdf
tree4f4e4e9118e29465da8faf2f6782479b3bccdac7
parent47ee60177ee5ff0f555033a2582068978e69ed20
ikev2: Drop IKE_SA_INIT messages that don't have the initiator flag set

While this doesn't really create any problems it is not 100% correct to
accept such messages because, of course, the sender of an IKE_SA_INIT
request is always the original initiator of an IKE_SA.

We currently don't check the flag later, so we wouldn't notice if the
peer doesn't set it in later messages (ike_sa_id_t.equals doesn't
compare it anymore since we added support for IKEv1, in particular since
17ec1c74de).
src/libcharon/network/receiver.c