| author | 2012-06-26 11:05:43 +0000 | |
|---|---|---|
| committer | 2012-06-26 11:05:43 +0000 | |
| commit | 6c77f7ffccf73554b064f6e496a027c67a582454 (patch) | |
| tree | 75a460b64c1b6bb33b54f997b02d63ddcc8c0be6 | |
| parent | Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation (diff) | |
close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;
don't cache the response to IKE_SA_INIT.
| -rw-r--r-- | sbin/iked/ikev2.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 7cb42f9ae93..e17647192c2 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.68 2012/06/26 11:00:28 mikeb Exp $ */
+/* $OpenBSD: ikev2.c,v 1.69 2012/06/26 11:05:43 mikeb Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 /*
@@ -1680,6 +1680,7 @@ ikev2_resp_recv(struct iked *env, struct iked_message *msg,
 }
 if (ikev2_resp_ike_sa_init(env, msg) != 0) {
 log_debug("%s: failed to send init response", __func__);
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
 return;
 }
 break;
@@ -1696,6 +1697,7 @@ ikev2_resp_recv(struct iked *env, struct iked_message *msg,
 if (ikev2_ike_auth(env, sa, msg) != 0) {
 log_debug("%s: failed to send auth response", __func__);
+ sa_state(env, sa, IKEV2_STATE_CLOSED);
 return;
 }
 break;
@@ -1842,6 +1844,7 @@ ikev2_resp_ike_sa_init(struct iked *env, struct iked_message *msg)
 goto done;
 }
+ resp.msg_sa = NULL; /* Don't save the response */
 ret = ikev2_msg_send(env, &resp);
 done:
|
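Review bot: The two added `sa_state(env, sa, IKEV2_STATE_CLOSED);` calls in ikev2_resp_recv (the IKE_SA_INIT failure path in the `-1680` hunk and the IKE_AUTH failure path in the `-1696` hunk) carry no comment saying why the SA is closed, and neither hunk shows whether a CLOSED SA is actually released after the `return` or only marked. Both paths run before the peer has completed authentication, so the intent is worth recording where it happens, e.g. `/* close the half-open SA so a failed exchange leaves no state behind */`, and the release path should be confirmed so that repeated failed exchanges cannot accumulate SAs. The message `failed to send init response` is also narrower than the condition it reports: the last hunk shows ikev2_resp_ike_sa_init reaching `done:` through `goto done` before ikev2_msg_send is called, so `failed to build or send init response` would describe it better. The body of ikev2_resp_recv starts and ends outside both hunks, including the place where `sa` is assigned.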
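Review bot: `resp.msg_sa = NULL;` in ikev2_resp_ike_sa_init turns off caching only as a side effect of detaching the SA from the outgoing message, so it is correct only if neither ikev2_msg_send nor the cleanup after `done:` dereferences `resp.msg_sa` without a NULL check; neither is visible in this hunk. The trailing comment says what is skipped but not why; if the reason is that the IKE_SA_INIT response answers an unauthenticated request, a comment such as `/* IKE_SA_INIT is unauthenticated: keep no retransmit copy on the SA */` would make that explicit for the next reader. The function continues outside the hunk on both sides.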
