author | Timo Teräs <timo.teras@iki.fi> | 2015-11-19 22:14:30 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2015-11-19 22:14:30 +0200 |
commit | 3adb6561f830cc6f7eade5e2c465e3f51bb0324e (patch) | |
tree | f521cc7c9ba1f296a5b6b286f0fad82b05855dd0 /main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch | |
parent | 84467229491d390cbbc0d77fb6bab3d92543b361 (diff) | |
main/strongswan: security upgrade to 5.3.4 (CVE-2015-8023)
Diffstat (limited to 'main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch')
-rw-r--r-- | main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch index 666355757f..24c1537b16 100644 --- a/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch +++ b/main/strongswan/0205-ike-Adhere-to-IKE_SA-limit-when-checking-out-by-conf.patch @@ -1,4 +1,4 @@ -From e0189de4c7b8df5cb61c7b0e771dcc5534e9cc06 Mon Sep 17 00:00:00 2001 +From f60c91a440d8b8a0969d99c9c84df40fe2ffc8c4 Mon Sep 17 00:00:00 2001 From: Tobias Brunner <tobias@strongswan.org> Date: Fri, 17 Jul 2015 11:53:58 +0200 Subject: [PATCH] ike: Adhere to IKE_SA limit when checking out by config @@ -6,14 +6,14 @@ Subject: [PATCH] ike: Adhere to IKE_SA limit when checking out by config This prevents new SAs from getting created if we hit the global IKE_SA limit (we still allow checkout_new(), which is used for rekeying). --- - src/libcharon/sa/ike_sa_manager.c | 63 ++++++++++++++++++++------------------- - 1 file changed, 33 insertions(+), 30 deletions(-) + src/libcharon/sa/ike_sa_manager.c | 69 ++++++++++++++++++++------------------- + 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index 51b7f2c..20b6e50 100644 +index 4625df5..aeed6fe 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c -@@ -1346,44 +1346,47 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, +@@ -1385,47 +1385,50 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, DBG2(DBG_MGR, "checkout IKE_SA by config"); @@ -35,7 +35,8 @@ index 51b7f2c..20b6e50 100644 - continue; - } - if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) -- { /* skip IKE_SAs which are not usable */ +- { /* skip IKE_SAs which are not usable, wake other waiting threads */ +- entry->condvar->signal(entry->condvar); - continue; - } - 
@@ -53,9 +54,10 @@ index 51b7f2c..20b6e50 100644 - current_peer->get_name(current_peer)); - break; + continue; -+ } + } + if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) -+ { /* skip IKE_SAs which are not usable */ ++ { /* skip IKE_SAs which are not usable, wake other waiting threads */ ++ entry->condvar->signal(entry->condvar); + continue; + } + current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); @@ -72,8 +74,12 @@ index 51b7f2c..20b6e50 100644 + current_peer->get_name(current_peer)); + break; + } - } ++ } ++ /* other threads might be waiting for this entry */ ++ entry->condvar->signal(entry->condvar); } +- /* other threads might be waiting for this entry */ +- entry->condvar->signal(entry->condvar); + enumerator->destroy(enumerator); } - enumerator->destroy(enumerator); @@ -92,5 +98,5 @@ index 51b7f2c..20b6e50 100644 } charon->bus->set_sa(charon->bus, ike_sa); -- -2.4.6 +2.6.3 |
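Review bot: In the refreshed loop body (hunk `@@ -72,8 +74,12 @@`), the `break` taken on a matching config leaves the loop before the relocated `entry->condvar->signal(entry->condvar);`, and nothing in the patch says this is intended. Presumably the entry has just been checked out at that point, so waiters are meant to stay blocked until it is checked in again, but the assignment that would confirm this lies outside the visible lines. Because this backport was regenerated against the new upstream tree for this upgrade, a one-line comment before the `break`, for example `/* entry is checked out now, waiters are woken on checkin */` if that is the intent, would make the next rebase easier to verify. The enclosing `checkout_by_config` method starts and ends outside the hunk.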