Fix nonce comparison in rekey collisions, lowest nonce loses
[strongswan.git] / src / libcharon / sa / tasks / child_rekey.c
index fdaaea4..e74ca4e 100644 (file)
@@ -241,12 +241,11 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
                /* if we have the lower nonce, delete rekeyed SA. If not, delete
                 * the redundant. */
                if (memcmp(this_nonce.ptr, other_nonce.ptr,
-                                  min(this_nonce.len, other_nonce.len)) < 0)
+                                  min(this_nonce.len, other_nonce.len)) > 0)
                {
                        child_sa_t *child_sa;
 
-                       DBG1(DBG_IKE, "CHILD_SA rekey collision won, "
-                                "deleting rekeyed child");
+                       DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child");
                        to_delete = this->child_sa;
                        /* don't touch child other created, it has already been deleted */
                        if (!this->other_child_destroyed)
@@ -259,7 +258,7 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
                else
                {
                        DBG1(DBG_IKE, "CHILD_SA rekey collision lost, "
-                                "deleting redundant child");
+                                "deleting rekeyed child");
                        to_delete = this->child_create->get_child(this->child_create);
                }
        }