From: Tobias Brunner Date: Wed, 7 Jun 2017 13:46:26 +0000 (+0200) Subject: charon-tkm: Return cloned host from tkm_kernel_sad_t::get_dst_host() X-Git-Tag: 5.6.0dr1~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dad4f6a178af841ecc5b01d830c3610027f8b84e;p=thirdparty%2Fstrongswan.git charon-tkm: Return cloned host from tkm_kernel_sad_t::get_dst_host() When an expire is triggered while rekeying, the CHILD_SA might be deleted while the returned host is still used to queue a rekey job for the CHILD_SA. --- diff --git a/src/charon-tkm/src/ees/ees_callbacks.c b/src/charon-tkm/src/ees/ees_callbacks.c index f4107d90a1..a36629b131 100644 --- a/src/charon-tkm/src/ees/ees_callbacks.c +++ b/src/charon-tkm/src/ees/ees_callbacks.c @@ -47,4 +47,5 @@ void charon_esa_expire(result_type *res, const sp_id_type sp_id, DBG1(DBG_KNL, "ees: expire received for reqid %u, spi %x, dst %H", sp_id, ntohl(spi_rem), dst); charon->kernel->expire(charon->kernel, protocol, spi_rem, dst, hard != 0); + dst->destroy(dst); } diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 97226f1ac5..c888f2561c 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -283,7 +283,7 @@ METHOD(tkm_kernel_sad_t, get_dst_host, host_t *, (void**)&entry, &reqid, &spi, &proto); if (res && entry) { - dst = entry->dst; + dst = entry->dst->clone(entry->dst); DBG3(DBG_KNL, "returning destination host %H of SAD entry (reqid: %u," " spi: %x, proto: %u)", dst, reqid, ntohl(spi), proto); } diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index ba64621924..63d02b7e42 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h @@ -79,7 +79,8 @@ struct tkm_kernel_sad_t { * @param reqid reqid of CHILD SA * @param spi Remote SPI of CHILD SA * @param proto protocol of CHILD SA (ESP/AH) - * @return destination host of entry if found, NULL otherwise + * @return destination host of entry if found (cloned), + * NULL otherwise */ host_t * (*get_dst_host)(tkm_kernel_sad_t * const this, const uint32_t reqid, const uint32_t spi, const uint8_t proto);