ikev2: Only accept initial messages in specific states
authorTobias Brunner <tobias@strongswan.org>
Wed, 25 Feb 2015 07:30:33 +0000 (08:30 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 4 Mar 2015 12:47:53 +0000 (13:47 +0100)
commitdd0ebb54837298c869389d36a0b42eefdb893dd6
treeb5974c5e956d8aab746ea1edd7b694127479c608
parent650a3ad5151958b99a95836fb8b84b8aa18da1be
ikev2: Only accept initial messages in specific states

The previous code allowed an attacker to slip in an IKE_SA_INIT with
both SPIs and MID 1 set when an IKE_AUTH would be expected instead.

References #816.
src/libcharon/sa/ikev2/task_manager_v2.c