summaryrefslogtreecommitdiffstats
path: root/src/plugins/ikev2/ikev2.c
diff options
context:
space:
mode:
authorFilip Tehlar <ftehlar@cisco.com>2020-03-31 05:07:48 +0000
committerNeale Ranns <nranns@cisco.com>2020-03-31 15:09:54 +0000
commit967e9afa65ac427425f91ac70231b074559941ce (patch)
tree57a5ab7665067441f3704fe8fe27f23b9c75f392 /src/plugins/ikev2/ikev2.c
parente4e8c6b082bea8a80003024b24f1d002cbc0fcb1 (diff)
ikev2: fix crash during peer live check
Fix crash when peer tries to build INFO req before key exchange which results using NULL key pointers for crypto operations. Type: fix Change-Id: I20aaf1ce769e4bfb45235047c2dd38307b4e0b59 Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
Diffstat (limited to 'src/plugins/ikev2/ikev2.c')
-rw-r--r--src/plugins/ikev2/ikev2.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index f288d4fcbec..fc4a87d80fd 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -2595,7 +2595,11 @@ ikev2_node_fn (vlib_main_t * vm,
}
}
}
- len = ikev2_generate_message (sa0, ike0, 0);
+ if (!(ike0->flags & IKEV2_HDR_FLAG_RESPONSE))
+ {
+ ike0->flags |= IKEV2_HDR_FLAG_RESPONSE;
+ len = ikev2_generate_message (sa0, ike0, 0);
+ }
}
}
else if (ike0->exchange == IKEV2_EXCHANGE_CREATE_CHILD_SA)
@@ -3956,6 +3960,9 @@ ikev2_mngr_process_responder_sas (ikev2_sa_t * sa)
ikev2_main_t *km = &ikev2_main;
vlib_main_t *vm = km->vlib_main;
+ if (!sa->sk_ai || !sa->sk_ar)
+ return 0;
+
if (sa->liveness_retries > IKEV2_LIVENESS_RETRIES)
return 1;