From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 20 Dec 2017 11:32:52 +0000 (+0100)
Subject: ike: Don't handle roam events if no IKE config is available
X-Git-Tag: 5.6.2rc1~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=007a2701bbd7556ba9ca6294a80dcc5336da086e;p=thirdparty%2Fstrongswan.git

ike: Don't handle roam events if no IKE config is available

IKE_SAs newly created via HA_IKE_ADD message don't have any IKE or peer
config assigned yet (this happens later with an HA_IKE_UPDATE message).
And because the state is initially set to IKE_CONNECTING the roam() method
does not immediately return, as it later would for passive HA SAs. This
might cause the check for explicitly configured local addresses to crash
the daemon with a segmentation fault.

Fixes #2500.
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 823cf2579a..4123cc49de 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2561,6 +2561,12 @@ METHOD(ike_sa_t, roam, status_t,
 			break;
 	}
 
+	if (!this->ike_cfg)
+	{	/* this is the case for new HA SAs not yet in state IKE_PASSIVE and
+		 * without config assigned */
+		return SUCCESS;
+	}
+
 	/* ignore roam events if MOBIKE is not supported/enabled and the local
 	 * address is statically configured */
 	if (this->version == IKEV2 && !supports_extension(this, EXT_MOBIKE) &&