From: Martin Willi <martin@revosec.ch>
Date: Thu, 9 May 2013 14:29:18 +0000 (+0200)
Subject: issue: CHILD_SA reqid / IKE_SA unique ID counters get accessed non-atomic
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58075c1194d0f40d46171588f783cecf3bb6a502;p=thirdparty%2Fstrongswan.git

issue: CHILD_SA reqid / IKE_SA unique ID counters get accessed non-atomic

This may result in non-unique identifiers if threads access the variable
concurrently. While it is not very likely, we should fix that.

issue-status: open
issue-type: minor
issue-keyword: race, libcharon
---

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 34435a1407..ef8d88ec9d 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1142,6 +1142,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
 	if (!this->reqid)
 	{
 		/* reuse old reqid if we are rekeying an existing CHILD_SA */
+		/* BUG: the static variable reqid gets accessed non-atomic */
 		this->reqid = rekey ? rekey : ++reqid;
 	}
 
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index d7a9076b8a..4f21d4c9bd 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -2281,6 +2281,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator,
 		.other_auth = auth_cfg_create(),
 		.my_auths = linked_list_create(),
 		.other_auths = linked_list_create(),
+		/* BUG: static variable unique_id gets accessed non-atomic */
 		.unique_id = ++unique_id,
 		.peer_addresses = linked_list_create(),
 		.my_vips = linked_list_create(),