ike-sa: Handle IKE_SA unique identifier refcount overflow gracefully

IKE_SA unique identifier allocation starts at 1. If the counter overflows,
a unique ID of 0 is assigned to an IKE_SA, which may have unclear consequences.

Overflowing the unique ID counter is theoretical for most setups, but on
a Gateway terminating 100'000 tunnels and rekeying the IKE_SA every 60s
overflows the counter after a month uptime. So avoid a 0 unique identifier
by using ref_get_nonzero().

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 654508e4b31f6479065fb02db1d4965840c8286d..758a4cdba3065537a2e52062c405a7fb7ac7f618 100644 (file)
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -3229,7 +3229,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
                .my_auths = array_create(0, 0),
                .other_auths = array_create(0, 0),
                .attributes = array_create(sizeof(attribute_entry_t), 0),
-               .unique_id = ref_get(&unique_id),
+               .unique_id = ref_get_nonzero(&unique_id),
                .keepalive_interval = lib->settings->get_time(lib->settings,
                                                                "%s.keep_alive", KEEPALIVE_INTERVAL, lib->ns),
                .keepalive_dpd_margin = lib->settings->get_time(lib->settings,