Reject quick modes if IKE_SA not yet established
authorMartin Willi <martin@revosec.ch>
Fri, 9 Dec 2011 14:18:23 +0000 (15:18 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:16 +0000 (17:31 +0100)
src/libcharon/sa/task_manager_v1.c

index c012295..7fda51e 100755 (executable)
@@ -592,6 +592,12 @@ static status_t process_request(private_task_manager_t *this,
                                /* TODO-IKEv1: agressive mode */
                                return FAILED;
                        case QUICK_MODE:
+                               if (this->ike_sa->get_state(this->ike_sa) != IKE_ESTABLISHED)
+                               {
+                                       DBG1(DBG_IKE, "received quick mode request for "
+                                                "unestablished IKE_SA, ignored");
+                                       return FAILED;
+                               }
                                task = (task_t *)quick_mode_create(this->ike_sa, NULL,
                                                                                                   NULL, NULL);
                                this->passive_tasks->insert_last(this->passive_tasks, task);