projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 757343d)
starter: Reject connections having both 'ah' and 'esp' keywords set
authorMartin Willi <martin@revosec.ch>
Wed, 9 Oct 2013 12:09:08 +0000 (14:09 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 11 Oct 2013 08:15:21 +0000 (10:15 +0200)
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.

src/starter/args.c patch | blob | history

diff --git a/src/starter/args.c b/src/starter/args.c
index 42deb86..f5a617e 100644 (file)
--- a/src/starter/args.c
+++ b/src/starter/args.c
@@ -295,6 +295,15 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
                return FALSE;
        }
 
+       if (token == KW_ESP || token == KW_AH)
+       {
+               if (*seen & (SEEN_KW(KW_ESP, first) | SEEN_KW(KW_AH, first)))
+               {
+                       DBG1(DBG_APP, "# can't have both 'ah' and 'esp' options");
+                       return FALSE;
+               }
+       }
+
        /* set flag that this argument has been seen */
        *seen |= SEEN_KW(token, first);
 
strongSwan - IPsec VPN