From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 30 Aug 2018 12:48:34 +0000 (+0200)
Subject: ike-init: Fix leak if KE payload creation fails
X-Git-Tag: 5.7.0rc1~4^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5e500c07effe05916abdd333f45b62005300cc9;p=thirdparty%2Fstrongswan.git

ike-init: Fix leak if KE payload creation fails
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 28e28e4106..307d992642 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -362,8 +362,6 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
 	}
 	message->add_payload(message, (payload_t*)sa_payload);
 
-	nonce_payload = nonce_payload_create(PLV2_NONCE);
-	nonce_payload->set_nonce(nonce_payload, this->my_nonce);
 	ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
 													   this->dh);
 	if (!ke_payload)
@@ -371,6 +369,8 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
 		DBG1(DBG_IKE, "creating KE payload failed");
 		return FALSE;
 	}
+	nonce_payload = nonce_payload_create(PLV2_NONCE);
+	nonce_payload->set_nonce(nonce_payload, this->my_nonce);
 
 	if (this->old_sa)
 	{	/* payload order differs if we are rekeying */