Fix NullPointException in creating first Child

This commit fixes the NullPointException when creating first Child is rejected by a error notification. The root cause is that when receiving a error notification, saPayload returned by ikeMessage.getPayloadForType will be null and will be passed to #handleFirstChildExchange. This commit also stops throwing fatal exception to IkeSessionStateMachine when there is a missing payload for create first Child. This will allow IKE AUTH succeed and let ChildSessionStateMachine to do the check Bug: 148287674 Test: atest testIkeAuthHandlesFirstChildCreationFail Test: atest FrameworksIkeTests Change-Id: I0f130abca20c748969b28cb7ad67de3392a3aa06
author: evitayan <evitayan@google.com> 2020-05-15 19:41:50 -0700
committer: evitayan <evitayan@google.com> 2020-05-19 12:41:56 -0700
commit: 778f73f9c4de4be0c01649206c2764ba59c0e5b2 (patch)
tree: 0f4756891bd8c101f2bd280c106c4a571da83caf
parent: 712cb8aee20895abfb6595cdc0c38d4c68d2a995 (diff)
download: ike-778f73f9c4de4be0c01649206c2764ba59c0e5b2.tar.gz
1 files changed, 16 insertions, 41 deletions
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
index 85d61291..4fa2da54 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
@@ -132,7 +132,6 @@ import com.android.internal.net.ipsec.ike.message.IkeNotifyPayload;
 import com.android.internal.net.ipsec.ike.message.IkePayload;
 import com.android.internal.net.ipsec.ike.message.IkeSaPayload;
 import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IkeProposal;
-import com.android.internal.net.ipsec.ike.message.IkeTsPayload;
 import com.android.internal.net.ipsec.ike.message.IkeVendorPayload;
 import com.android.internal.net.ipsec.ike.utils.IkeAlarmReceiver;
 import com.android.internal.net.ipsec.ike.utils.IkeSecurityParameterIndex;
@@ -3085,50 +3084,26 @@ public class IkeSessionStateMachine extends AbstractSessionStateMachine {
 
         protected List<IkePayload> extractChildPayloadsFromMessage(IkeMessage ikeMessage)
                 throws InvalidSyntaxException {
-            IkeSaPayload saPayload =
-                    ikeMessage.getPayloadForType(IkePayload.PAYLOAD_TYPE_SA, IkeSaPayload.class);
-            IkeTsPayload tsInitPayload =
-                    ikeMessage.getPayloadForType(
-                            IkePayload.PAYLOAD_TYPE_TS_INITIATOR, IkeTsPayload.class);
-            IkeTsPayload tsRespPayload =
-                    ikeMessage.getPayloadForType(
-                            IkePayload.PAYLOAD_TYPE_TS_RESPONDER, IkeTsPayload.class);
-
-            List<IkeNotifyPayload> notifyPayloads =
-                    ikeMessage.getPayloadListForType(
-                            IkePayload.PAYLOAD_TYPE_NOTIFY, IkeNotifyPayload.class);
-
-            IkeConfigPayload configPayload =
-                    ikeMessage.getPayloadForType(
-                            IkePayload.PAYLOAD_TYPE_CP, IkeConfigPayload.class);
-
-            boolean hasErrorNotify = false;
             List<IkePayload> list = new LinkedList<>();
-            for (IkeNotifyPayload payload : notifyPayloads) {
-                if (payload.isNewChildSaNotify()) {
-                    list.add(payload);
-                    if (payload.isErrorNotify()) {
-                        hasErrorNotify = true;
-                    }
+            for (IkePayload payload : ikeMessage.ikePayloadList) {
+                switch (payload.payloadType) {
+                    case PAYLOAD_TYPE_SA: // fall through
+                    case PAYLOAD_TYPE_TS_INITIATOR: // fall through
+                    case PAYLOAD_TYPE_TS_RESPONDER: // fall through
+                    case PAYLOAD_TYPE_CP:
+                        list.add(payload);
+                        break;
+                    case PAYLOAD_TYPE_NOTIFY:
+                        if (((IkeNotifyPayload) payload).isNewChildSaNotify()) {
+                            list.add(payload);
+                        }
+                        break;
+                    default:
+                        // Ignore payloads unrelated with Child negotiation
                 }
             }
 
-            // If there is no error notification, SA, TS-initiator and TS-responder MUST all be
-            // included in this message.
-            if (!hasErrorNotify
-                    && (saPayload == null || tsInitPayload == null || tsRespPayload == null)) {
-                throw new InvalidSyntaxException(
-                        "SA, TS-Initiator or TS-Responder payload is missing.");
-            }
-
-            list.add(saPayload);
-            list.add(tsInitPayload);
-            list.add(tsRespPayload);
-
-            if (configPayload != null) {
-                list.add(configPayload);
-            }
-
+            // Payload validation is done in ChildSessionStateMachine
             return list;
         }
author	evitayan <evitayan@google.com>	2020-05-15 19:41:50 -0700
committer	evitayan <evitayan@google.com>	2020-05-19 12:41:56 -0700
commit	778f73f9c4de4be0c01649206c2764ba59c0e5b2 (patch)
tree	0f4756891bd8c101f2bd280c106c4a571da83caf
parent	712cb8aee20895abfb6595cdc0c38d4c68d2a995 (diff)
download	ike-778f73f9c4de4be0c01649206c2764ba59c0e5b2.tar.gz