authorThomas Egerer <thomas.egerer@secunet.com>2010-12-03 09:23:06 +0100
committerMartin Willi <martin@revosec.ch>2010-12-06 10:56:57 +0100
commit76ce213c4367e95af7220e9baf828b7924bdc17b (patch)
tree2a2b6c61a20439ed373ed8f21e0a9834af675ca7 /src/libcharon/sa/ike_sa_manager.c
parent2965eb3cc7d56a573aeb1f13d06b8a2e03ed38c8 (diff)
Guarantee entry->other is set when calling put_connected_peers
Given the original intent of entry->host, the check for DoS attacks, it can happen that this value remains NULL when an entry is created. This is particularly awkward if put_connected_peers is called to check if a connection to a given peer already exists, since it takes the address family into consideration (git commit b74219d0) which is gleaned from entry->host. This patch guarantees that entry->other is a clone of host before put_connected_peers is called.
Diffstat (limited to 'src/libcharon/sa/ike_sa_manager.c')
-rw-r--r--src/libcharon/sa/ike_sa_manager.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 3c2290796..31f14f0d4 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -85,7 +85,9 @@ struct entry_t {
chunk_t init_hash;
/**
- * remote host address, required for DoS detection
+ * remote host address, required for DoS detection and duplicate
+ * checking (host with same my_id and other_id is *not* considered
+ * a duplicate if the address family differs)
*/
host_t *other;
@@ -1326,6 +1328,10 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
{
entry->my_id = my_id->clone(my_id);
entry->other_id = other_id->clone(other_id);
+ if (!entry->other)
+ {
+ entry->other = other->clone(other);
+ }
put_connected_peers(this, entry);
}
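Review bot: The added `if (!entry->other)` guard in checkin() fills the field only when it is NULL, so an entry that already holds an earlier clone keeps that address even if `other` now differs; since the commit message says put_connected_peers takes the address family from this field, the duplicate check could then run against an outdated family. If that case can occur, compare before reusing, e.g. `if (!entry->other || !other->equals(other, entry->other))`, and destroy the old clone before assigning the new one. A short comment such as `/* other may be unset if it was never needed for DoS tracking; put_connected_peers needs its address family */` would record why the clone is made here. The body of checkin() starts and ends outside this hunk, so whether `other` can be NULL at this point and where the clone is released cannot be confirmed from the visible lines.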