diff options
| author | Thomas Egerer <thomas.egerer@secunet.com> | 2015-02-04 12:47:03 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2015-02-19 10:58:40 +0100 |
| commit | 875f7be5fcc85b863fa79edca529a88485aecd0f (patch) | |
| tree | ed4fa51d153d2122f4427c35712320f60f0919f1 /src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c | |
| parent | 5cc0b238865a4bf560602761dbe0fb92c4ad19a3 (diff) | |
| download | strongswan-875f7be5fcc85b863fa79edca529a88485aecd0f.tar.bz2 strongswan-875f7be5fcc85b863fa79edca529a88485aecd0f.tar.xz | |
ha: Perform child rekeying outside of CHILD_SA enumerator
When rekey_child_sa is called while enumerating the children of an IKE_SA, and
the child to be rekeyed is redundant a QUICK_DELETE task is queued instead of a
QUICK_MODE task. This alters the IKE_SA's list of children (ike_sa_t::child_sas)
invalidating the current element of the child_sa_enumerator. The enumerate
function of linked_list_t will then advance to an element with unpredictable
contents most likely resulting in an segmentation violation. A similar behavior
should be observed when delete_child_sa is called.
This patch creates a list of protocol/spi values while holding the
child_sa_enumerator and performs the rekeying (deletion of redundant) chlidren
after releasing the enumerator.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Diffstat (limited to 'src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c')
0 files changed, 0 insertions, 0 deletions