diff options
author | evitayan <evitayan@google.com> | 2020-05-15 19:41:50 -0700 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2020-05-19 12:41:56 -0700 |
commit | 778f73f9c4de4be0c01649206c2764ba59c0e5b2 (patch) | |
tree | 0f4756891bd8c101f2bd280c106c4a571da83caf | |
parent | 712cb8aee20895abfb6595cdc0c38d4c68d2a995 (diff) | |
download | ike-778f73f9c4de4be0c01649206c2764ba59c0e5b2.tar.gz |
Fix NullPointException in creating first Child
This commit fixes the NullPointException when creating first
Child is rejected by a error notification. The root cause is
that when receiving a error notification, saPayload returned
by ikeMessage.getPayloadForType will be null and will be
passed to #handleFirstChildExchange.
This commit also stops throwing fatal exception to
IkeSessionStateMachine when there is a missing payload
for create first Child. This will allow IKE AUTH succeed and
let ChildSessionStateMachine to do the check
Bug: 148287674
Test: atest testIkeAuthHandlesFirstChildCreationFail
Test: atest FrameworksIkeTests
Change-Id: I0f130abca20c748969b28cb7ad67de3392a3aa06
-rw-r--r-- | src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java | 57 |
1 files changed, 16 insertions, 41 deletions
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java index 85d61291..4fa2da54 100644 --- a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java +++ b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java @@ -132,7 +132,6 @@ import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload; import com.android.internal.net.ipsec.ike.message.IkePayload; import com.android.internal.net.ipsec.ike.message.IkeSaPayload; import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IkeProposal; -import com.android.internal.net.ipsec.ike.message.IkeTsPayload; import com.android.internal.net.ipsec.ike.message.IkeVendorPayload; import com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver; import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex; @@ -3085,50 +3084,26 @@ public class IkeSessionStateMachine extends AbstractSessionStateMachine { protected List<IkePayload> extractChildPayloadsFromMessage(IkeMessage ikeMessage) throws InvalidSyntaxException { - IkeSaPayload saPayload = - ikeMessage.getPayloadForType(IkePayload.PAYLOAD_TYPE_SA, IkeSaPayload.class); - IkeTsPayload tsInitPayload = - ikeMessage.getPayloadForType( - IkePayload.PAYLOAD_TYPE_TS_INITIATOR, IkeTsPayload.class); - IkeTsPayload tsRespPayload = - ikeMessage.getPayloadForType( - IkePayload.PAYLOAD_TYPE_TS_RESPONDER, IkeTsPayload.class); - - List<IkeNotifyPayload> notifyPayloads = - ikeMessage.getPayloadListForType( - IkePayload.PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class); - - IkeConfigPayload configPayload = - ikeMessage.getPayloadForType( - IkePayload.PAYLOAD_TYPE_CP, IkeConfigPayload.class); - - boolean hasErrorNotify = false; List<IkePayload> list = new LinkedList<>(); - for (IkeNotifyPayload payload : notifyPayloads) { - if (payload.isNewChildSaNotify()) { - list.add(payload); - if (payload.isErrorNotify()) { - hasErrorNotify = true; - } + for (IkePayload payload : ikeMessage.ikePayloadList) { + switch (payload.payloadType) { + case PAYLOAD_TYPE_SA: // fall through + case PAYLOAD_TYPE_TS_INITIATOR: // fall through + case PAYLOAD_TYPE_TS_RESPONDER: // fall through + case PAYLOAD_TYPE_CP: + list.add(payload); + break; + case PAYLOAD_TYPE_NOTIFY: + if (((IkeNotifyPayload) payload).isNewChildSaNotify()) { + list.add(payload); + } + break; + default: + // Ignore payloads unrelated with Child negotiation } } - // If there is no error notification, SA, TS-initiator and TS-responder MUST all be - // included in this message. - if (!hasErrorNotify - && (saPayload == null || tsInitPayload == null || tsRespPayload == null)) { - throw new InvalidSyntaxException( - "SA, TS-Initiator or TS-Responder payload is missing."); - } - - list.add(saPayload); - list.add(tsInitPayload); - list.add(tsRespPayload); - - if (configPayload != null) { - list.add(configPayload); - } - + // Payload validation is done in ChildSessionStateMachine return list; } |