From: Tobias Brunner
Date: Tue, 24 Nov 2020 08:24:25 +0000 (+0100)
Subject: mem-pool: Be less strict when reassigning existing online leases
X-Git-Tag: 5.9.2dr2~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=414f2c37542bc7d76b79d0f09b7eb2ba065fe959;p=thirdparty%2Fstrongswan.git

mem-pool: Be less strict when reassigning existing online leases

Also assign online leases to a peer connecting from the same endpoint when it requests any virtual IP. This is mainly a workaround for Windows clients that remember the virtual IPv6 address and re-request it the next time the connection is initiated (even if it is not a reauthentication) but don't do the same for virtual IPv4 addresses. This can result in duplicate policies with different reqids because these are allocated for unique sets of traffic selectors.

Fixes #3541.
---
diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c index 9fca4645c8..d2dd0d83cc 100644 --- a/src/libcharon/attributes/mem_pool.c +++ b/src/libcharon/attributes/mem_pool.c @@ -307,8 +307,9 @@ static int get_existing(private_mem_pool_t *this, identification_t *id, enumerator = array_create_enumerator(entry->online); while (enumerator->enumerate(enumerator, &lease)) { - if (lease->offset == host2offset(this, requested) && - lease->hash == hash_addr(peer)) + if (lease->hash == hash_addr(peer) && + (requested->is_anyaddr(requested) || + lease->offset == host2offset(this, requested))) { offset = lease->offset; /* add an additional "online" entry */
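
Review bot: in the new condition in get_existing(), once `requested->is_anyaddr(requested)` is true the only thing tying the lease to this client is `lease->hash == hash_addr(peer)`, so the first online lease of this identity with a matching endpoint hash is reused, where previously the offset had to match as well. A short comment above the `if` stating the Windows workaround from the commit message (the IPv6 address is re-requested, the IPv4 one is requested as any) would help, since the condition is not self-explanatory. It should also say whether a hash match alone is meant to be sufficient to treat two connections as the same endpoint, because a second client with the same identity and an equal hash would now be handed the same address. Separately, `requested` is now dereferenced directly rather than only passed to `host2offset()`, so it is worth confirming that callers never pass NULL here.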