From 336eac84eb7902eae212f05711ce06967b4d202c Mon Sep 17 00:00:00 2001
From: Filip Tehlar <ftehlar@cisco.com>
Date: Wed, 25 Mar 2020 02:46:28 +0000
Subject: ikev2: fix wrong usage of BN_bn2bin()

This patch fixes 2 different crashes:

1) BN_bn2bin() returns bytes written, not actual key length. Use
  BN_bn2binpad() instead which adds padding.
2) Initiator may receive multiple sa-init responses for the same ispi
  which may result in crash. Remember first response and ignore any
  subsequent ones.

Type: fix

Change-Id: Ia1eac9167e3100a6894c0563ee70bab04f6a5f4f
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
---
 src/plugins/ikev2/ikev2_priv.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/plugins/ikev2/ikev2_priv.h')

diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index b0b867758cc..c5a632c12a5 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -431,6 +431,7 @@ typedef struct
   u32 current_remote_id_mask;
   u32 old_remote_id;
   u8 old_remote_id_present;
+  u8 init_response_received;
 
   ikev2_child_sa_t *childs;
 
-- 
cgit 1.2.3-korg