author | Thomas Egerer <thomas.egerer@secunet.com> | 2010-12-03 09:23:06 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-12-06 10:56:57 +0100 |
commit | 76ce213c4367e95af7220e9baf828b7924bdc17b (patch) | |
tree | 2a2b6c61a20439ed373ed8f21e0a9834af675ca7 | |
parent | 2965eb3cc7d56a573aeb1f13d06b8a2e03ed38c8 (diff) | |
Guarantee entry->other is set when calling put_connected_peers
Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.
-rw-r--r-- | src/libcharon/sa/ike_sa_manager.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 3c2290796..31f14f0d4 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -85,7 +85,9 @@ struct entry_t {
 chunk_t init_hash;
 /**
- * remote host address, required for DoS detection
+ * remote host address, required for DoS detection and duplicate
+ * checking (host with same my_id and other_id is *not* considered
+ * a duplicate if the address family differs)
 */
 host_t *other;
@@ -1326,6 +1328,10 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
 {
 entry->my_id = my_id->clone(my_id);
 entry->other_id = other_id->clone(other_id);
+ if (!entry->other)
+ {
+ entry->other = other->clone(other);
+ }
 put_connected_peers(this, entry);
 } |
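Review bot: The added `if (!entry->other)` guard in checkin() only fills in a missing address, so an entry->other that was already set (for DoS tracking) is passed to put_connected_peers() unchanged. If the peer's address has changed since that value was recorded, the duplicate check may use the address family of the old address rather than that of the current `other`. Whether earlier code in checkin() refreshes entry->other in that case is outside this hunk and should be confirmed, as should that the later removal from the connected-peers table uses the same address as the insertion. A why-comment above the guard would also help the next reader: `/* put_connected_peers() takes the address family from entry->other, so it must not be NULL here */`. checkin() starts and ends outside the hunk, so where `other` is assigned is not visible here.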