From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 30 Oct 2020 12:06:07 +0000 (+0100)
Subject: child-sa: Delete inbound SAs even if not installed to remove allocated SPIs
X-Git-Tag: 5.9.1rc1~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb87e63ca6e1ad688d30023d40ac72f48059abf9;p=thirdparty%2Fstrongswan.git

child-sa: Delete inbound SAs even if not installed to remove allocated SPIs

If we can't establish an SA, this should delete the allocated SPI.
---

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index c776c274dc..9b06ebc3c3 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1706,8 +1706,9 @@ METHOD(child_sa_t, destroy, void,
 		enumerator->destroy(enumerator);
 	}
 
-	/* delete SAs in the kernel, if they are set up */
-	if (this->my_spi && this->inbound_installed)
+	/* delete SAs in the kernel, if they are set up, inbound is always deleted
+	 * to remove allocated SPIs */
+	if (this->my_spi)
 	{
 		kernel_ipsec_sa_id_t id = {
 			.src = this->other_addr,