ike: Don't handle roam events if no IKE config is available

IKE_SAs newly created via HA_IKE_ADD message don't have any IKE or peer
config assigned yet (this happens later with an HA_IKE_UPDATE message).
And because the state is initially set to IKE_CONNECTING the roam() method
does not immediately return, as it later would for passive HA SAs. This
might cause the check for explicitly configured local addresses to crash
the daemon with a segmentation fault.

Fixes #2500.

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 823cf2579ad3d0a566daa8f7eadc2eba086ef660..4123cc49de37e119bbefd89c7cc42f0e81b79bc5 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2561,6 +2561,12 @@ METHOD(ike_sa_t, roam, status_t,
                        break;
        }
 
+       if (!this->ike_cfg)
+       {       /* this is the case for new HA SAs not yet in state IKE_PASSIVE and
+                * without config assigned */
+               return SUCCESS;
+       }
+
        /* ignore roam events if MOBIKE is not supported/enabled and the local
         * address is statically configured */
        if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) &&