From: Tobias Brunner Date: Tue, 5 May 2015 07:51:19 +0000 (+0200) Subject: child-create: Destroy nonceg in migrate() X-Git-Tag: 5.3.1rc1~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32df0d81fb468861c67de7fda6d4fd21d90241b5;p=thirdparty%2Fstrongswan.git child-create: Destroy nonceg in migrate() Since another nonce gets allocated later (if any was allocated already) this would have resulted in a leaked nonce context ID when used in charon-tkm.
---
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index d74eaab43b..e0f930c3c7 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -221,6 +221,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce)
 */
 static bool generate_nonce(private_child_create_t *this)
 {
+ this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
 if (!this->nonceg)
 {
 DBG1(DBG_IKE, "no nonce generator found to create nonce");
@@ -1580,6 +1581,7 @@ METHOD(task_t, migrate, void,
 }
 DESTROY_IF(this->child_sa);
 DESTROY_IF(this->proposal);
+ DESTROY_IF(this->nonceg);
 DESTROY_IF(this->dh);
 this->dh_failed = FALSE;
 if (this->proposals)
@@ -1671,7 +1673,6 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
 .rekey = rekey,
 .retry = FALSE,
 );
- this->nonceg = this->keymat->keymat.create_nonce_gen(&this->keymat->keymat);
 if (config)
 {
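Review bot: The new first statement of generate_nonce() overwrites `this->nonceg` without checking whether a generator is already held. A second call on the same task with no migrate() in between would drop the old generator and, in charon-tkm, its nonce context ID, which is the same kind of leak this commit fixes. Whether that can happen depends on callers outside the hunk, so the invariant is worth stating above the assignment: `/* nonceg is created here and released in migrate()/destroy(); never call twice without one of them in between */`. The rest of generate_nonce() lies outside the hunk.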
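Review bot: The added `DESTROY_IF(this->nonceg);` in migrate() leaves `this->nonceg` pointing at the destroyed generator unless it is cleared afterwards, and no reset is visible in this hunk. Because the generator is now created only in generate_nonce(), a second migrate() or the task's destroy before the next generate_nonce() would release the same object again, assuming destroy also releases nonceg. Add `this->nonceg = NULL;` with the other field resets in migrate(), which start below the hunk.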