Handle initiation of not supported IKE versions properly
[strongswan.git] / src / libcharon / plugins / android / android_service.c
index 96603ab..8aba925 100644 (file)
@@ -300,12 +300,17 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                                                         0, "255.255.255.255", 65535);
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
        peer_cfg->add_child_cfg(peer_cfg, child_cfg);
-       /* get an additional reference because initiate consumes one */
-       child_cfg->get_ref(child_cfg);
 
        /* get us an IKE_SA */
        ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager,
                                                                                                                peer_cfg);
+       if (!ike_sa)
+       {
+               peer_cfg->destroy(peer_cfg);
+               send_status(this, VPN_ERROR_CONNECTION_FAILED);
+               return JOB_REQUEUE_NONE;
+       }
+
        if (!ike_sa->get_peer_cfg(ike_sa))
        {
                ike_sa->set_peer_cfg(ike_sa, peer_cfg);
@@ -318,6 +323,8 @@ static job_requeue_t initiate(private_android_service_t *this)
        /* confirm that we received the request */
        send_status(this, i);
 
+       /* get an additional reference because initiate consumes one */
+       child_cfg->get_ref(child_cfg);
        if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
        {
                DBG1(DBG_CFG, "failed to initiate tunnel");