From 78bab0b68254accb48f08c5110a904a0dedabc60 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 28 Jul 2015 15:10:17 +0200 Subject: [PATCH] child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group mismatch If the responder declines our KE payload during a CHILD_SA rekeying migrate() is called to reuse the child-create task. But the child-rekey task then calls the same method again. Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()") --- src/libcharon/sa/ikev2/tasks/child_create.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index e0f930c..ee5086f 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1596,6 +1596,7 @@ METHOD(task_t, migrate, void, this->tsi = NULL; this->tsr = NULL; this->dh = NULL; + this->nonceg = NULL; this->child_sa = NULL; this->mode = MODE_TUNNEL; this->ipcomp = IPCOMP_NONE; -- 2.5.0