diff options
Diffstat (limited to 'src/charon/sa')
| -rw-r--r-- | src/charon/sa/ike_sa.c | 5 | ||||
| -rw-r--r-- | src/charon/sa/tasks/child_create.c | 4 |
2 files changed, 7 insertions, 2 deletions
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c index 6acbc6eef..bebd74160 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/charon/sa/ike_sa.c @@ -1438,6 +1438,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message) exchange_type_names, message->get_exchange_type(message), message->get_request(message) ? "request" : "response", message->get_message_id(message)); + + if (this->state == IKE_CREATED) + { /* invalid initiation attempt, close SA */ + return DESTROY_ME; + } return status; } else diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c index f6043979f..c07cd37b8 100644 --- a/src/charon/sa/tasks/child_create.c +++ b/src/charon/sa/tasks/child_create.c @@ -1137,11 +1137,11 @@ static void destroy(private_child_create_t *this) { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); - if (this->tsi) + if (this->tsr) { this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy)); } - if (this->tsr) + if (this->tsi) { this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy)); } |