From 95f1735f876cd8d4939350877eaf56b4902d9cbb Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Tue, 10 Feb 2009 17:21:44 +0000 Subject: [PATCH] send proper AUTHENTICATION_FAILED if EAP method is successful, but AUTH mismatches --- src/charon/sa/tasks/ike_auth.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/charon/sa/tasks/ike_auth.c b/src/charon/sa/tasks/ike_auth.c index 2e40534..ad16217 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/charon/sa/tasks/ike_auth.c @@ -336,6 +336,12 @@ static status_t build_auth_eap(private_ike_auth_t *this, message_t *message) authenticator_t *auth; auth_payload_t *auth_payload; + if (!this->initiator && !this->peer_authenticated) + { + message->add_notify(message, TRUE, AUTHENTICATION_FAILED, chunk_empty); + return FAILED; + } + auth = (authenticator_t*)this->eap_auth; if (auth->build(auth, this->my_packet->get_data(this->my_packet), this->other_nonce, &auth_payload) != SUCCESS) -- 2.7.4