From: Thomas Egerer Date: Fri, 3 Dec 2010 08:23:06 +0000 (+0100) Subject: Guarantee entry->other is set when calling put_connected_peers X-Git-Tag: 4.5.1~409 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76ce213c4367e95af7220e9baf828b7924bdc17b;p=thirdparty%2Fstrongswan.git Guarantee entry->other is set when calling put_connected_peers Given the original intent of entry->host, the check for DoS attacks, it can happen that this value remains NULL when an entry is created. This is particularly awkward if put_connected_peers is called to check if a connection to a given peer already exists, since it takes the address family into consideration (git commit b74219d0) which is gleaned from entry->host. This patch guarantees that entry->other is a clone of host before put_connected_peers is called. --- diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 3c22907963..31f14f0d49 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -85,7 +85,9 @@ struct entry_t { chunk_t init_hash; /** - * remote host address, required for DoS detection + * remote host address, required for DoS detection and duplicate + * checking (host with same my_id and other_id is *not* considered + * a duplicate if the address family differs) */ host_t *other; @@ -1326,6 +1328,10 @@ static void checkin(private_ike_sa_manager_t *this, ike_sa_t *ike_sa) { entry->my_id = my_id->clone(my_id); entry->other_id = other_id->clone(other_id); + if (!entry->other) + { + entry->other = other->clone(other); + } put_connected_peers(this, entry); }
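Review bot: In the struct entry_t hunk, the updated comment on host_t *other names both uses of the field but does not say that it can be NULL, which the commit message states can happen when an entry is created. Consider adding a sentence to the comment noting that the field may be unset until checkin() fills it, so that any code reading entry->other knows to handle that case.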
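Review bot: In the checkin() hunk, the new guard "if (!entry->other)" covers only the NULL case, so an entry whose other is already set keeps that value even when it differs from the other being checked in, and put_connected_peers(this, entry) then takes its address family from the older host. If keeping the existing value is intended, a short comment saying so would help; otherwise compare the two and replace entry->other when they differ, releasing the old clone. The hunk also calls other->clone(other) with no NULL check on other visible in these lines; it is worth confirming that other is always set on this path.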