From 70691c31b28e395e259402a0b126a95e3a56b7ea Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Wed, 3 Dec 2008 09:15:29 +0000
Subject: [PATCH] fixed double free of host in selector2ts

---
 .../plugins/kernel_netlink/kernel_netlink_ipsec.c  | 51 ++++++++++------------
 1 file changed, 24 insertions(+), 27 deletions(-)

diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index bf74f8e..2abbab4 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -423,51 +423,48 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
  */
 static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
 {
-	int family;
-	chunk_t addr;
+	u_char *addr;
 	u_int8_t prefixlen;
-	u_int16_t port, port_mask;
-	host_t *host;
-	traffic_selector_t *ts;
-
+	u_int16_t port = 0;
+	host_t *host = NULL;
+	
 	if (src)
 	{
-		addr.ptr = (u_char*)&sel->saddr;
+		addr = (u_char*)&sel->saddr;
 		prefixlen = sel->prefixlen_s;
-		port = sel->sport;
-		port_mask = sel->sport_mask;
+		if (sel->sport_mask)
+		{
+			port = htons(sel->sport);
+		}
 	}
-    else
+	else
 	{
-		addr.ptr = (u_char*)&sel->daddr;
+		addr = (u_char*)&sel->daddr;
 		prefixlen = sel->prefixlen_d;
-		port = sel->dport;
-		port_mask = sel->dport_mask;
+		if (sel->dport_mask)
+		{
+			port = htons(sel->dport);
+		}
 	}
-
+	
 	/* The Linux 2.6 kernel does not set the selector's family field,
-     * so as a kludge we additionally test the prefix length. 
+	 * so as a kludge we additionally test the prefix length. 
 	 */
 	if (sel->family == AF_INET || sel->prefixlen_s == 32)
 	{
-		family = AF_INET;
-		addr.len = 4;
+		host = host_create_from_chunk(AF_INET, chunk_create(addr, 4), 0);
 	}
 	else if (sel->family == AF_INET6 || sel->prefixlen_s == 128)
 	{
-		family = AF_INET6;
-		addr.len = 16;
+		host = host_create_from_chunk(AF_INET6, chunk_create(addr, 16), 0);
 	}
-	else
+	
+	if (host)
 	{
-		return NULL;
+		return traffic_selector_create_from_subnet(host, prefixlen,
+												   sel->proto, port);
 	}
-	host = host_create_from_chunk(family, addr, 0);
-	port = (port_mask == 0) ? 0 : ntohs(port); 
-
-	ts = traffic_selector_create_from_subnet(host, prefixlen, sel->proto, port);
-	host->destroy(host); 		
-	return ts;
+	return NULL;
 }
 
 /**
-- 
2.7.4