Guarantee entry->other is set when calling put_connected_peers
author Thomas Egerer <thomas.egerer@secunet.com>
Fri, 3 Dec 2010 08:23:06 +0000 (09:23 +0100)
committer Martin Willi <martin@revosec.ch>
Mon, 6 Dec 2010 09:56:57 +0000 (10:56 +0100)
Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.

src/libcharon/sa/ike_sa_manager.c

index 3c22907..31f14f0 100644 (file)
@@ -85,7 +85,9 @@ struct entry_t {
        chunk_t init_hash;
 
        /**
-        * remote host address, required for DoS detection
+        * remote host address, required for DoS detection and duplicate
+        * checking (host with same my_id and other_id is *not* considered
+        * a duplicate if the address family differs)
         */
        host_t *other;
 
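Review bot: the updated doc comment on `other` still does not say that the field may be NULL until checkin, which is the very condition this patch works around; since the commit message states the value "remains NULL when an entry is created" for entries not created via the DoS path, the comment should say so, e.g. "may be NULL until the IKE_SA is checked in for the first time". Separately, the commit message refers to `entry->host` twice, but the field being documented and assigned in this patch is `entry->other`; worth correcting before merge so the history matches the code.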
@@ -1326,6 +1328,10 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
        {
                entry->my_id = my_id->clone(my_id);
                entry->other_id = other_id->clone(other_id);
+               if (!entry->other)
+               {
+                       entry->other = other->clone(other);
+               }
                put_connected_peers(this, entry);
        }
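Review bot: the guard `if (!entry->other)` only fills in a missing address; when `entry->other` was already set at entry creation it is not refreshed, so if the peer's address changed between creation and this checkin, `put_connected_peers` compares the address family of the stale host rather than of `other`. If the intent is "other always reflects the current remote host at checkin", replace the existing value (destroy it first) instead of keeping it. Also, `other->clone(other)` is called without a NULL check and the hunk does not show where `other` comes from; if it can ever be NULL at this point, this dereferences NULL before `put_connected_peers` runs.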