ikev2: fix issue when decrypting packet with no keys

author Filip Tehlar <ftehlar@cisco.com>

Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)

committer Filip Tehlar <ftehlar@cisco.com>

Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)
author Filip Tehlar <ftehlar@cisco.com>
Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)
committer Filip Tehlar <ftehlar@cisco.com>
Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c

index 593d616..63e89b5 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -915,7 +915,7 @@ ikev2_decrypt_sk_payload (ikev2_sa_t * sa, ike_header_t * ike,
      ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
    int is_aead = tr_encr->encr_type == IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM_16;
  
-  if ((!sa->sk_ar || !sa->sk_ai) && !is_aead)
+  if (((!sa->sk_ar || !sa->sk_ai) && !is_aead) || (!sa->sk_ei || !sa->sk_er))
      return 0;
  
    if (rlen <= sizeof (*ike))
author	Filip Tehlar <ftehlar@cisco.com>
	Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)
committer	Filip Tehlar <ftehlar@cisco.com>
	Wed, 30 Sep 2020 21:56:01 +0000 (21:56 +0000)