From 25ec2d04aa83249e95b85de6a3b376457b4bf76d Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 1 Dec 2020 12:12:25 +0100 Subject: [PATCH] child-rekey: Don't migrate child-create task if we already are deleting If we are already deleting the old/redundant CHILD_SA, we must not migrate the child-create task as that would destroy the new CHILD_SA we already moved to the IKE_SA. Fixes #3644. --- src/libcharon/sa/ikev2/tasks/child_rekey.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index 6b0f427856..36d7c4bff0 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -573,14 +573,15 @@ METHOD(child_rekey_t, collide, void, METHOD(task_t, migrate, void, private_child_rekey_t *this, ike_sa_t *ike_sa) { - if (this->child_create) - { - this->child_create->task.migrate(&this->child_create->task, ike_sa); - } + /* only migrate the currently active task */ if (this->child_delete) { this->child_delete->task.migrate(&this->child_delete->task, ike_sa); } + else if (this->child_create) + { + this->child_create->task.migrate(&this->child_create->task, ike_sa); + } DESTROY_IF(this->collision); this->ike_sa = ike_sa; -- 2.47.2