From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 28 Jul 2015 13:10:17 +0000 (+0200)
Subject: child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group mismatch
X-Git-Tag: 5.3.3rc1~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1729df927516f26646c1743cc0405d7e47d2168c;p=thirdparty%2Fstrongswan.git

child-create: Fix crash when retrying CHILD_SA rekeying due to a DH group mismatch

If the responder declines our KE payload during a CHILD_SA rekeying migrate()
is called to reuse the child-create task.  But the child-rekey task then
calls the same method again.

Fixes: 32df0d81fb46 ("child-create: Destroy nonceg in migrate()")
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index e0f930c3c7..ee5086fe12 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1596,6 +1596,7 @@ METHOD(task_t, migrate, void,
 	this->tsi = NULL;
 	this->tsr = NULL;
 	this->dh = NULL;
+	this->nonceg = NULL;
 	this->child_sa = NULL;
 	this->mode = MODE_TUNNEL;
 	this->ipcomp = IPCOMP_NONE;