ikev2: keep the CHILD_SA we delete as initiator in the list to destroy
authorMartin Willi <martin@revosec.ch>
Tue, 25 Jun 2013 12:03:51 +0000 (14:03 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 25 Jun 2013 12:03:51 +0000 (14:03 +0200)
If the responder does not send the correct protocol or SPI in the delete
response, we should remove the CHILD_SA regardless.

src/libcharon/sa/ikev2/tasks/child_delete.c

index 8652942..9e53d03 100644 (file)
@@ -177,8 +177,11 @@ static void process_payloads(private_child_delete_t *this, message_t *message)
                                        default:
                                                break;
                                }
-
-                               this->child_sas->insert_last(this->child_sas, child_sa);
+                               if (this->child_sas->find_first(this->child_sas, NULL,
+                                                                                               (void**)&child_sa) != SUCCESS)
+                               {
+                                       this->child_sas->insert_last(this->child_sas, child_sa);
+                               }
                        }
                        spis->destroy(spis);
                }
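Review bot: The `find_first(this->child_sas, NULL, (void**)&child_sa)` call in the new `if` is used as a pointer-identity membership test, which is not obvious to a reader who does not know that a NULL match callback compares each entry with `*item`. A comment above the `if` would make the intent explicit, for example `/* queue each CHILD_SA only once; as initiator it is already in the list */`. The guard matters because process_i no longer flushes the list, so a CHILD_SA queued as initiator can be reached again from the delete response. A duplicate entry would presumably be torn down twice by the code that walks the list, which is not visible here. process_payloads starts and ends outside the hunk.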
@@ -310,10 +313,6 @@ METHOD(task_t, build_i, status_t,
 METHOD(task_t, process_i, status_t,
        private_child_delete_t *this, message_t *message)
 {
-       /* flush the list before adding new SAs */
-       this->child_sas->destroy(this->child_sas);
-       this->child_sas = linked_list_create();
-
        process_payloads(this, message);
        DBG1(DBG_IKE, "CHILD_SA closed");
        return destroy_and_reestablish(this);
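Review bot: process_i now relies on `this->child_sas` still holding the CHILD_SAs queued when the delete was initiated, but nothing in the function states that invariant, because the removed flush took its comment with it. I would add `/* keep the CHILD_SAs we asked to delete, the response may omit or mangle them */` above the `process_payloads()` call. It would also help operators to log when the response does not name a queued CHILD_SA, since that points at a misbehaving or buggy peer. Whether process_payloads can report that is not visible in this hunk. The closing brace of process_i lies outside the hunk.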