authorTobias Brunner <tobias@strongswan.org>2015-05-05 09:51:19 +0200
committerTobias Brunner <tobias@strongswan.org>2015-05-05 10:55:14 +0200
commit32df0d81fb468861c67de7fda6d4fd21d90241b5 (patch)
tree7a0c87cf5629c974255e6b3903c3c97f154dd238
parent252f2ef8854d466734c65806b73f037e9b2891b6 (diff)
child-create: Destroy nonceg in migrate()
Since another nonce gets allocated later (if any was allocated already) this would have resulted in a leaked nonce context ID when used in charon-tkm.
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index d74eaab43..e0f930c3c 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -221,6 +221,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce)
*/
static bool generate_nonce(private_child_create_t *this)
{
+ this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
if (!this->nonceg)
{
DBG1(DBG_IKE, "no nonce generator found to create nonce");
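Review bot: The added assignment at the top of generate_nonce() overwrites `this->nonceg` without checking whether a generator is already held. If any caller reaches it twice on the same task without migrate() in between, the earlier generator would be lost, which is the same kind of nonce context leak this commit fixes for charon-tkm. The callers are outside this hunk, so this may never happen in practice. If it cannot, the function's doc comment (which ends just above the hunk) should state the precondition, for example `Requires this->nonceg to be unset; the generator is released in migrate() and destroy().` generate_nonce()'s body continues past the hunk.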
@@ -1580,6 +1581,7 @@ METHOD(task_t, migrate, void,
}
DESTROY_IF(this->child_sa);
DESTROY_IF(this->proposal);
+ DESTROY_IF(this->nonceg);
DESTROY_IF(this->dh);
this->dh_failed = FALSE;
if (this->proposals)
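Review bot: `DESTROY_IF(this->nonceg);` releases the generator but the visible lines do not clear the pointer, and after this commit only generate_nonce() assigns it again. If migrate() is called a second time, or destroy() runs, before a new nonce is generated, the stale pointer would be destroyed again. That is a double free in charon and presumably a double release of the nonce context in charon-tkm. migrate() continues past this hunk, so check whether the members are reset further down. If they are, `this->nonceg = NULL;` should be added there; otherwise add it directly after the new line.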
@@ -1671,7 +1673,6 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
.rekey = rekey,
.retry = FALSE,
);
- this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
if (config)
{