ikev2: fix issue when decrypting packet with no keys

author Filip Tehlar <ftehlar@cisco.com>

Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)

committer Dave Wallace <dwallacelf@gmail.com>

Wed, 14 Oct 2020 15:13:40 +0000 (15:13 +0000)
author Filip Tehlar <ftehlar@cisco.com>
Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)
committer Dave Wallace <dwallacelf@gmail.com>
Wed, 14 Oct 2020 15:13:40 +0000 (15:13 +0000)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c

index 96b8e7d..bfad2ad 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -858,7 +858,7 @@ ikev2_decrypt_sk_payload (ikev2_sa_t * sa, ike_header_t * ike, u8 * payload,
      ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
    int is_aead = tr_encr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
  
-  if ((!sa->sk_ar || !sa->sk_ai) && !is_aead)
+  if (((!sa->sk_ar || !sa->sk_ai) && !is_aead) || (!sa->sk_ei || !sa->sk_er))
      return 0;
  
    while (p < len &&
author	Filip Tehlar <ftehlar@cisco.com>
	Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)
committer	Dave Wallace <dwallacelf@gmail.com>
	Wed, 14 Oct 2020 15:13:40 +0000 (15:13 +0000)