ike-init: Fix leak if KE payload creation fails
authorTobias Brunner <tobias@strongswan.org>
Thu, 30 Aug 2018 12:48:34 +0000 (14:48 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 12 Sep 2018 14:25:00 +0000 (16:25 +0200)
src/libcharon/sa/ikev2/tasks/ike_init.c

index 28e28e4..307d992 100644 (file)
@@ -362,8 +362,6 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
        }
        message->add_payload(message, (payload_t*)sa_payload);
 
-       nonce_payload = nonce_payload_create(PLV2_NONCE);
-       nonce_payload->set_nonce(nonce_payload, this->my_nonce);
        ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
                                                                                                           this->dh);
        if (!ke_payload)
@@ -371,6 +369,8 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
                DBG1(DBG_IKE, "creating KE payload failed");
                return FALSE;
        }
+       nonce_payload = nonce_payload_create(PLV2_NONCE);
+       nonce_payload->set_nonce(nonce_payload, this->my_nonce);
 
        if (this->old_sa)
        {       /* payload order differs if we are rekeying */
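Review bot: The ordering this fix depends on is not recorded in the code. In the second hunk `nonce_payload_create(PLV2_NONCE)` now sits after the `if (!ke_payload)` return so that the failure path has nothing to free, and a later reshuffle of these lines would quietly bring the leak back. I would add a comment above the moved lines, e.g. `/* create the nonce payload only after the KE payload succeeded; the error return above does not free it */`. build_payloads continues past the end of this hunk, so it is also worth confirming that no later early return sits between this allocation and the point where the payload is added to `message`. The visible lines do not show that.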