Guarantee entry->other is set when calling put_connected_peers

Given the original intent of entry->host, the check for DoS attacks, it
can happen that this value remains NULL when an entry is created. This
is particularly awkward if put_connected_peers is called to check if a
connection to a given peer already exists, since it takes the address
family into consideration (git commit b74219d0) which is gleaned from
entry->host.
This patch guarantees that entry->other is a clone of host before
put_connected_peers is called.

diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 3c22907963c53344e64bcf0e9dbe6944fc114f12..31f14f0d49be41396d70b6ca80d1b2c4f82f7ee4 100644 (file)
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -85,7 +85,9 @@ struct entry_t {
        chunk_t init_hash;
 
        /**
-        * remote host address, required for DoS detection
+        * remote host address, required for DoS detection and duplicate
+        * checking (host with same my_id and other_id is *not* considered
+        * a duplicate if the address family differs)
         */
        host_t *other;
 
@@ -1326,6 +1328,10 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa)
        {
                entry->my_id = my_id->clone(my_id);
                entry->other_id = other_id->clone(other_id);
+               if (!entry->other)
+               {
+                       entry->other = other->clone(other);
+               }
                put_connected_peers(this, entry);
        }