From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 1 Dec 2020 11:12:25 +0000 (+0100)
Subject: child-rekey: Don't migrate child-create task if we already are deleting
X-Git-Tag: 5.9.2dr1~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25ec2d04aa83249e95b85de6a3b376457b4bf76d;p=thirdparty%2Fstrongswan.git

child-rekey: Don't migrate child-create task if we already are deleting

If we are already deleting the old/redundant CHILD_SA, we must not
migrate the child-create task as that would destroy the new CHILD_SA we
already moved to the IKE_SA.

Fixes #3644.
---

diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index 6b0f427856..36d7c4bff0 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -573,14 +573,15 @@ METHOD(child_rekey_t, collide, void,
 METHOD(task_t, migrate, void,
 	private_child_rekey_t *this, ike_sa_t *ike_sa)
 {
-	if (this->child_create)
-	{
-		this->child_create->task.migrate(&this->child_create->task, ike_sa);
-	}
+	/* only migrate the currently active task */
 	if (this->child_delete)
 	{
 		this->child_delete->task.migrate(&this->child_delete->task, ike_sa);
 	}
+	else if (this->child_create)
+	{
+		this->child_create->task.migrate(&this->child_create->task, ike_sa);
+	}
 	DESTROY_IF(this->collision);
 
 	this->ike_sa = ike_sa;