Module: kamailio Branch: 6.0 Commit: 6949f6970786d737daa88b05b014725ba81147f5 URL: https://github.com/kamailio/kamailio/commit/6949f6970786d737daa88b05b014725ba81147f5
Author: herlesupreeth <[email protected]> Committer: Victor Seva <[email protected]> Date: 2025-11-03T10:09:16+01:00 ims_ipsec_pcscf: fix selection of encryption algorithm selection (cherry picked from commit 1bdafed8d4bb97f1f9a7654155decbf9625b0504) --- Modified: src/modules/ims_ipsec_pcscf/sec_agree.c --- Diff: https://github.com/kamailio/kamailio/commit/6949f6970786d737daa88b05b014725ba81147f5.diff Patch: https://github.com/kamailio/kamailio/commit/6949f6970786d737daa88b05b014725ba81147f5.patch --- diff --git a/src/modules/ims_ipsec_pcscf/sec_agree.c b/src/modules/ims_ipsec_pcscf/sec_agree.c index 8a785c33d98..4ad62a69d6a 100644 --- a/src/modules/ims_ipsec_pcscf/sec_agree.c +++ b/src/modules/ims_ipsec_pcscf/sec_agree.c @@ -115,6 +115,32 @@ static int process_sec_agree_param( return 0; } +/** + * @brief Check whether UE IPsec parameters have been selected/populated. + * + * Verifies that all required fields of the provided ipsec_t structure are + * present (non-zero for integer fields and non-zero length for length-bearing + * fields). This function is used to decide if the UE has provided IPsec + * parameters for use in the session. + * + * @param params Pointer to an ipsec_t structure to inspect. Must be non-NULL; + * passing NULL yields undefined behavior. + * + * @return 1 if all required parameters are present: + * 0 if any of the above checks fail. + */ +static int is_ue_ipsec_params_selected(ipsec_t *params) +{ + if(params->spi_uc == 0 || params->spi_us == 0 || params->port_uc == 0 + || params->port_us == 0 || params->prot.len == 0 + || params->mod.len == 0 || params->r_alg.len == 0 + || params->r_ealg.len == 0) { + return 0; + } + + return 1; +} + static security_t *parse_sec_agree(struct hdr_field *h) { int i = 0; @@ -195,13 +221,31 @@ static security_t *parse_sec_agree(struct hdr_field *h) i = 0; if(name.len && value.len) { - if(strncasecmp(name.s, "alg", name.len) == 0) { - if(preferred_alg_found && preferred_ealg_found) { + if(ipsec_preferred_alg.len && ipsec_preferred_ealg.len) { + if(preferred_alg_found && preferred_ealg_found + && is_ue_ipsec_params_selected( + params->data.ipsec)) { break; } preferred_alg_found = 0; preferred_ealg_found = 0; } + if(ipsec_preferred_alg.len && !ipsec_preferred_ealg.len) { + if(preferred_alg_found + && is_ue_ipsec_params_selected( + params->data.ipsec)) { + break; + } + preferred_alg_found = 0; + } + if(!ipsec_preferred_alg.len && ipsec_preferred_ealg.len) { + if(preferred_ealg_found + && is_ue_ipsec_params_selected( + params->data.ipsec)) { + break; + } + preferred_ealg_found = 0; + } char alg_found = 0; char ealg_found = 0; _______________________________________________ Kamailio - Development Mailing List -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
