ikev2: Allow tasks to verify response messages before processing them
authorTobias Brunner <tobias@strongswan.org>
Thu, 21 May 2015 12:45:52 +0000 (14:45 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:03:00 +0000 (16:03 +0100)
src/libcharon/sa/ikev2/task_manager_v2.c

index feddada..1b37b45 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2014 Tobias Brunner
+ * Copyright (C) 2007-2015 Tobias Brunner
  * Copyright (C) 2007-2010 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -662,6 +662,32 @@ static status_t process_response(private_task_manager_t *this,
                return DESTROY_ME;
        }
 
+       enumerator = array_create_enumerator(this->active_tasks);
+       while (enumerator->enumerate(enumerator, &task))
+       {
+               if (!task->pre_process)
+               {
+                       continue;
+               }
+               switch (task->pre_process(task, message))
+               {
+                       case SUCCESS:
+                               break;
+                       case FAILED:
+                       default:
+                               /* just ignore the message */
+                               DBG1(DBG_IKE, "ignore invalid %N response",
+                                        exchange_type_names, message->get_exchange_type(message));
+                               enumerator->destroy(enumerator);
+                               return SUCCESS;
+                       case DESTROY_ME:
+                               /* critical failure, destroy IKE_SA */
+                               enumerator->destroy(enumerator);
+                               return DESTROY_ME;
+               }
+       }
+       enumerator->destroy(enumerator);
+
        /* catch if we get resetted while processing */
        this->reset = FALSE;
        enumerator = array_create_enumerator(this->active_tasks);
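Review bot: Nothing at the new loop says that a `pre_process` hook must be verification-only, although every active task's hook runs before the processing pass that appears to start at the end of the hunk, and a later hook can still drop the message with `return SUCCESS`. An earlier hook that changed task or IKE_SA state would then have acted on a response that is discarded. I would add a comment above the loop such as `/* let tasks verify the response first; hooks must not change state, as a later task may still reject the message */`. The `default:` label shares a branch with `case FAILED:` ahead of `case DESTROY_ME:`, which is valid but easy to misread; putting `case DESTROY_ME:` first and `case FAILED:`/`default:` last would make it plain that any unexpected status leads to the message being ignored. process_response begins before this hunk and continues past it, so whether the caller needs to tell an ignored response from a processed one cannot be judged from here.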