purge auth_info when IKE_SA is established, releases cert memory
authorMartin Willi <martin@strongswan.org>
Tue, 9 Dec 2008 14:34:15 +0000 (14:34 -0000)
committerMartin Willi <martin@strongswan.org>
Tue, 9 Dec 2008 14:34:15 +0000 (14:34 -0000)
src/charon/credentials/auth_info.c
src/charon/credentials/auth_info.h
src/charon/sa/ike_sa.c

index 42e1ea4..62d5ea9 100644 (file)
@@ -560,9 +560,9 @@ static void destroy_item_value(item_t *item)
 }
 
 /**
- * Implementation of auth_info_t.destroy
+ * Implementation of auth_info_t.purge
  */
-static void destroy(private_auth_info_t *this)
+static void purge(private_auth_info_t *this)
 {
        item_t *item;
        
@@ -571,6 +571,14 @@ static void destroy(private_auth_info_t *this)
                destroy_item_value(item);
                free(item);
        }
+}
+
+/**
+ * Implementation of auth_info_t.destroy
+ */
+static void destroy(private_auth_info_t *this)
+{
+       purge(this);
        this->items->destroy(this->items);
        free(this);
 }
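Review bot: `purge()` is now callable on a live object through the public interface, so the loop it inherits from `destroy()` must leave `this->items` empty rather than only freeing each `item_t`. The loop header lies outside this hunk: if it pops entries from the list this is fine, but if it merely iterates, the list keeps freed pointers and a later enumerator or the second pass in `destroy()` would touch freed memory. I would state the post-condition in the doc comment, e.g. `* Implementation of auth_info_t.purge: frees every item and leaves the item list empty.`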
@@ -588,6 +596,7 @@ auth_info_t *auth_info_create()
        this->public.create_item_enumerator = (enumerator_t*(*)(auth_info_t*))create_item_enumerator;
        this->public.complies = (bool(*)(auth_info_t*, auth_info_t *))complies;
        this->public.merge = (void(*)(auth_info_t*, auth_info_t *other))merge;
+       this->public.purge = (void(*)(auth_info_t*))purge;
        this->public.equals = (bool(*)(auth_info_t*, auth_info_t *other))equals;
        this->public.destroy = (void(*)(auth_info_t*))destroy;
        
index 5243343..161698a 100644 (file)
@@ -172,6 +172,11 @@ struct auth_info_t {
        void (*merge)(auth_info_t *this, auth_info_t *other);
        
        /**
+        * Purge all items in auth_info.
+        */
+       void (*purge)(auth_info_t *this);
+       
+       /**
         * Check two auth_infos for equality.
         *
         * @param other         other item to compaire against this
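Review bot: The doc comment on `purge` does not say what a caller may rely on after the call. It should state that the auth_info stays valid but empty, and that item values or enumerators obtained earlier must not be used afterwards, e.g. `* Purge all items in auth_info. The object remains usable but empty; previously obtained item values are invalid after this call.` Whether item values are handed out as borrowed pointers is not visible here, so confirm that before adopting the stronger wording. The struct definition continues outside the hunk.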
index fa04c04..a4e17fd 100644 (file)
@@ -709,6 +709,12 @@ static void set_state(private_ike_sa_t *this, ike_sa_state_t state)
                        break;
        }
        charon->bus->ike_state_change(charon->bus, &this->public, state);
+       if (state == IKE_ESTABLISHED)
+       {       /* purge auth items after hook invocation, as they contain certs
+                * and other memory wasting elements */
+               this->my_auth->purge(this->my_auth);
+               this->other_auth->purge(this->other_auth);
+       }
        this->state = state;
 }
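Review bot: The added comment explains the memory motive but not the consequence that `my_auth` and `other_auth` are empty for every consumer that runs after IKE_ESTABLISHED. Any later evaluation of these sets (auth_info_t exposes `complies` and `merge`) would then operate on an empty set, which matters if an authorization decision is taken after establishment; no such caller is visible in this hunk, so the callers are worth checking. Bus listeners run just before the purge, and any that keep item pointers taken during `ike_state_change` would be left dangling unless the values are reference-counted. I would extend the comment with `listeners must not retain item pointers; my_auth/other_auth are empty from here on`. `set_state` begins outside the hunk.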