ike: Do not cache MID of IKEv2 fragments
authorTobias Brunner <tobias@strongswan.org>
Mon, 16 Jun 2014 13:47:03 +0000 (15:47 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 10 Oct 2014 07:32:41 +0000 (09:32 +0200)
This fails if there are unencrypted payloads before an encrypted
fragment payload in the first fragment.

src/libcharon/sa/ike_sa_manager.c

index 8ffa93f..bdabc59 100644 (file)
@@ -1302,8 +1302,9 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
 
                        ike_id = entry->ike_sa->get_id(entry->ike_sa);
                        entry->checked_out = TRUE;
-                       if (message->get_first_payload_type(message) != PLV1_FRAGMENT)
-                       {
+                       if (message->get_first_payload_type(message) != PLV1_FRAGMENT &&
+                               message->get_first_payload_type(message) != PLV2_FRAGMENT)
+                       {       /* TODO-FRAG: this fails if there are unencrypted payloads */
                                entry->processing = get_message_id_or_hash(message);
                        }
                        if (ike_id->get_responder_spi(ike_id) == 0)