ikev1: Make sure proposed IPsec mode matches our own

author Tobias Brunner <tobias@strongswan.org>

Tue, 12 Aug 2014 13:15:02 +0000 (15:15 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Tue, 9 Sep 2014 08:56:16 +0000 (10:56 +0200)
author Tobias Brunner <tobias@strongswan.org>
Tue, 12 Aug 2014 13:15:02 +0000 (15:15 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 9 Sep 2014 08:56:16 +0000 (10:56 +0200)
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c

index 0d6be38..1133aab 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1030,7 +1030,8 @@ METHOD(task_t, process_r, status_t,
                         }
                         tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
                         tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
-                       if (!this->config || !this->tsi || !this->tsr)
+                       if (!this->config || !this->tsi || !this->tsr ||
+                               this->mode != this->config->get_mode(this->config))
                         {
                                 DBG1(DBG_IKE, "no matching CHILD_SA config found");
                                 return send_notify(this, INVALID_ID_INFORMATION);
author	Tobias Brunner <tobias@strongswan.org>
	Tue, 12 Aug 2014 13:15:02 +0000 (15:15 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Tue, 9 Sep 2014 08:56:16 +0000 (10:56 +0200)