From: Tobias Brunner
Date: Mon, 19 Feb 2018 14:09:34 +0000 (+0100)
Subject: child-rekey: Don't destroy IKE_SA if initiating CHILD_SA rekeying failed
X-Git-Tag: 5.6.3dr1~44^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=574f74d232aab2a3d2809de8e622e8e7ae8cc50e;p=thirdparty%2Fstrongswan.git

child-rekey: Don't destroy IKE_SA if initiating CHILD_SA rekeying failed

This could happen if the peer e.g. selects an invalid DH group or responds multiple times with an INVALID_KE_PAYLOAD notify.
---
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index f90056658f..3ca29bca48 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -213,7 +213,8 @@ METHOD(task_t, build_i, status_t, message) != NEED_MORE) { schedule_delayed_rekey(this); - return FAILED; + message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); + return SUCCESS; } if (message->get_exchange_type(message) == CREATE_CHILD_SA) {
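
Review bot: The failure branch in build_i now ends in `return SUCCESS;` right after `schedule_delayed_rekey(this);`, and nothing in the hunk says why a failed initiation reports success or why the exchange type is reset to `EXCHANGE_TYPE_UNDEFINED`. A short comment above the two added lines stating the intent from the commit message (keep the IKE_SA alive and rely on the delayed rekey as the retry) would stop a later reader from changing this back to `return FAILED;`. The branch as shown also logs nothing, so a peer that keeps answering with INVALID_KE_PAYLOAD or selects an invalid DH group would leave only rescheduled rekeys behind; consider adding a log line here, and please confirm that schedule_delayed_rekey cannot keep retrying indefinitely against such a peer.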