ike-config: If we don't send a CFG_REQUEST, we don't expect a CFG_REPLY
authorTobias Brunner <tobias@strongswan.org>
Fri, 29 Mar 2019 10:05:42 +0000 (11:05 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 4 Apr 2019 09:06:20 +0000 (11:06 +0200)
Previously, attributes in an incorrectly sent CFG_REPLY would still be passed
to attribute handlers.  This does not prevent handlers from receiving
unrequested attributes if they requested at least one other.

src/libcharon/sa/ikev2/tasks/ike_config.c

index fdccda5..3fb4b94 100644 (file)
@@ -317,6 +317,10 @@ METHOD(task_t, build_i, status_t,
                {
                        message->add_payload(message, (payload_t*)cp);
                }
+               else
+               {       /* we don't expect a CFG_REPLY */
+                       return SUCCESS;
+               }
        }
        return NEED_MORE;
 }