child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group mismatch

If the responder declines our KE payload during a CHILD_SA rekeying migrate()
is called to reuse the child-create task.  But the child-rekey task then
calls the same method again.

Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index e0f930c3c7ea4473921da8c454d423913f0373f4..ee5086fe12c58834baa3b67cf6369bab5be4d794 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1596,6 +1596,7 @@ METHOD(task_t, migrate, void,
        this->tsi = NULL;
        this->tsr = NULL;
        this->dh = NULL;
+       this->nonceg = NULL;
        this->child_sa = NULL;
        this->mode = MODE_TUNNEL;
        this->ipcomp = IPCOMP_NONE;