Fix nonce comparison in rekey collisions, lowest nonce loses
authorMartin Willi <martin@revosec.ch>
Fri, 7 Jan 2011 12:32:28 +0000 (13:32 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 7 Jan 2011 14:51:35 +0000 (15:51 +0100)
src/libcharon/sa/tasks/child_rekey.c
src/libcharon/sa/tasks/ike_rekey.c

index fdaaea4..e74ca4e 100644 (file)
@@ -241,12 +241,11 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
                /* if we have the lower nonce, delete rekeyed SA. If not, delete
                 * the redundant. */
                if (memcmp(this_nonce.ptr, other_nonce.ptr,
-                                  min(this_nonce.len, other_nonce.len)) < 0)
+                                  min(this_nonce.len, other_nonce.len)) > 0)
                {
                        child_sa_t *child_sa;
 
-                       DBG1(DBG_IKE, "CHILD_SA rekey collision won, "
-                                "deleting rekeyed child");
+                       DBG1(DBG_IKE, "CHILD_SA rekey collision won, deleting old child");
                        to_delete = this->child_sa;
                        /* don't touch child other created, it has already been deleted */
                        if (!this->other_child_destroyed)
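Review bot: A `memcmp` result of 0 is not handled by the corrected test. Only `min(this_nonce.len, other_nonce.len)` bytes are compared, so when one nonce is a prefix of the other, or the two are equal, both peers evaluate `> 0` as false and both take the "lost" branch. IKEv2's collision rule compares octet by octet and treats the nonce that ends first as the lower one, so the length should break the tie: `int cmp = memcmp(this_nonce.ptr, other_nonce.ptr, min(this_nonce.len, other_nonce.len));` followed by `if (cmp > 0 || (cmp == 0 && this_nonce.len > other_nonce.len))`. The same test appears in `process_i` in ike_rekey.c. The assignment of both nonces and the rest of `handle_collision` lie outside this hunk, so which of the exchanged nonces are being compared cannot be confirmed from here.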
@@ -259,7 +258,7 @@ static child_sa_t *handle_collision(private_child_rekey_t *this)
                else
                {
                        DBG1(DBG_IKE, "CHILD_SA rekey collision lost, "
-                                "deleting redundant child");
+                                "deleting rekeyed child");
                        to_delete = this->child_create->get_child(this->child_create);
                }
        }
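Review bot: The new "lost" text `deleting rekeyed child` reuses the exact phrase the "won" branch logged before this commit. Here it is attached to the child returned by `this->child_create->get_child(this->child_create)`, which appears to be the one this task itself created rather than the SA being rekeyed. Anyone correlating logs from peers on different versions will see the same words for opposite outcomes, and the parallel IKE_SA message in ike_rekey.c still says "redundant". A phrase that names the object unambiguously would avoid this, e.g. `"deleting newly created child"`.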
index 1a6c140..44c5503 100644 (file)
@@ -255,19 +255,20 @@ static status_t process_i(private_ike_rekey_t *this, message_t *message)
                        /* if we have the lower nonce, delete rekeyed SA. If not, delete
                         * the redundant. */
                        if (memcmp(this_nonce.ptr, other_nonce.ptr,
-                                               min(this_nonce.len, other_nonce.len)) < 0)
+                                               min(this_nonce.len, other_nonce.len)) > 0)
                        {
                                /* peer should delete this SA. Add a timeout just in case. */
                                job_t *job = (job_t*)delete_ike_sa_job_create(
                                                other->new_sa->get_id(other->new_sa), TRUE);
                                lib->scheduler->schedule_job(lib->scheduler, job, 10);
-                               DBG1(DBG_IKE, "IKE_SA rekey collision won, deleting rekeyed IKE_SA");
+                               DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete");
                                charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa);
                                other->new_sa = NULL;
                        }
                        else
                        {
-                               DBG1(DBG_IKE, "IKE_SA rekey collision lost, deleting redundant IKE_SA");
+                               DBG1(DBG_IKE, "IKE_SA rekey collision lost, "
+                                        "deleting redundant IKE_SA");
                                /* apply host for a proper delete */
                                host = this->ike_sa->get_my_host(this->ike_sa);
                                this->new_sa->set_my_host(this->new_sa, host->clone(host));
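Review bot: The context comment at the top of this hunk, `if we have the lower nonce, delete rekeyed SA. If not, delete the redundant.`, now states the opposite of the test beneath it, which is true when our nonce is the higher one. It should change with the fix, e.g. `/* lowest nonce loses: with the higher nonce we won and wait for the peer to delete its SA; otherwise delete the redundant SA we created */`. The identical comment above the `memcmp` in `handle_collision` in child_rekey.c needs the same correction, worded for the CHILD_SA case. `process_i` begins before and continues after this hunk.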