From 4bfd93b8dbb5ce573b80eb4fd6477205cc9e5327 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 2 Oct 2023 16:00:07 +0200 Subject: [PATCH] child-create: Maintain reference to reqid while CHILD_SA is established --- src/libcharon/sa/ikev2/tasks/child_create.c | 15 ++++++++++++++- src/libcharon/sa/ikev2/tasks/child_create.h | 4 ++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 9282648209..a40941e668 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1925,7 +1925,16 @@ METHOD(task_t, process_i, status_t, METHOD(child_create_t, use_reqid, void, private_child_create_t *this, uint32_t reqid) { - this->child.reqid = reqid; + uint32_t existing_reqid = this->child.reqid; + + if (!reqid || charon->kernel->ref_reqid(charon->kernel, reqid) == SUCCESS) + { + this->child.reqid = reqid; + if (existing_reqid) + { + charon->kernel->release_reqid(charon->kernel, existing_reqid); + } + } } METHOD(child_create_t, use_marks, void, @@ -2064,6 +2073,10 @@ METHOD(task_t, destroy, void, { DESTROY_IF(this->child_sa); } + if (this->child.reqid) + { + charon->kernel->release_reqid(charon->kernel, this->child.reqid); + } DESTROY_IF(this->packet_tsi); DESTROY_IF(this->packet_tsr); DESTROY_IF(this->proposal); diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h index 705b7e1169..62de4c6862 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.h +++ b/src/libcharon/sa/ikev2/tasks/child_create.h @@ -49,6 +49,10 @@ struct child_create_t { * When this task is used for rekeying, the same reqid is used * for the new CHILD_SA. * + * This must only be called with dynamically allocated reqids (i.e. from + * kernel_interface_t::alloc_reqid()), the method takes a reference that's + * maintained for the lifetime of the task. + * * @param reqid reqid to use */ void (*use_reqid) (child_create_t *this, uint32_t reqid); -- 2.47.2