quick-mode: Maintain reference to reqid while CHILD_SA is established

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 3d2e3efbe4e5ca0c4ddfbbf1b67d9c285d2cb71a..e403c366d64c697a5f38f8011454f9186d7f12e1 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1432,7 +1432,16 @@ METHOD(quick_mode_t, get_mid, uint32_t,
 METHOD(quick_mode_t, use_reqid, void,
        private_quick_mode_t *this, uint32_t reqid)
 {
-       this->child.reqid = reqid;
+       uint32_t existing_reqid = this->child.reqid;
+
+       if (!reqid || charon->kernel->ref_reqid(charon->kernel, reqid) == SUCCESS)
+       {
+               this->child.reqid = reqid;
+               if (existing_reqid)
+               {
+                       charon->kernel->release_reqid(charon->kernel, existing_reqid);
+               }
+       }
 }
 
 METHOD(quick_mode_t, use_marks, void,
@@ -1496,6 +1505,10 @@ METHOD(task_t, destroy, void,
        DESTROY_IF(this->child_sa);
        DESTROY_IF(this->config);
        DESTROY_IF(this->dh);
+       if (this->child.reqid)
+       {
+               charon->kernel->release_reqid(charon->kernel, this->child.reqid);
+       }
        free(this);
 }
 

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h
index 08aa15f46dd66b2f6554bfe27245e4f8e42cc7e7..2b048940722c78bdc075b6f0f766885e1706c999 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h
@@ -50,6 +50,10 @@ struct quick_mode_t {
        /**
         * Use a specific reqid to install this CHILD_SA.
         *
+        * This must only be called with dynamically allocated reqids (i.e. from
+        * kernel_interface_t::alloc_reqid()), the method takes a reference that's
+        * maintained for the lifetime of the task.
+        *
         * @param reqid                 reqid to use
         */
        void (*use_reqid)(quick_mode_t *this, uint32_t reqid);