From a09e79ed5d3147da91d1331002ed1438fdd67496 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 29 May 2017 10:49:57 +0200
Subject: [PATCH] ike-cfg: Fix memory leak when matching against ranges

traffic_selector_t::to_subnet() always sets the net/host (unless the
address family was invalid).

Fixes: 3070697f9f7c ("ike: support multiple addresses, ranges and subnets in IKE address config")
---
 src/libcharon/config/ike_cfg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index 480dd3720e..93300781dc 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -224,12 +224,12 @@ static u_int match(linked_list_t *hosts, linked_list_t *ranges, host_t *cand)
 			if (ts->to_subnet(ts, &host, &mask))
 			{
 				quality = max(quality, mask + 1);
-				host->destroy(host);
 			}
 			else
 			{
 				quality = max(quality, 1);
 			}
+			host->destroy(host);
 		}
 	}
 	enumerator->destroy(enumerator);
-- 
2.47.3