From: Tobias Brunner Date: Fri, 31 May 2013 17:01:05 +0000 (+0200) Subject: Properly compare CHILD_SAs during rekey collision X-Git-Tag: 5.1.0dr1~127 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3873526f3e83f537562859ef1d9326596eaf6609;p=thirdparty%2Fstrongswan.git Properly compare CHILD_SAs during rekey collision The previous code did not properly check for the situation when the DELETE for a redundant CHILD_SA created by a responder during a CHILD_SA rekey collision arrives before the responder's answer to the initiator's winning CREATE_CHILD_SA request.
---
diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index 262cb10e0a..d2003bb452 100644
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -399,12 +399,19 @@ METHOD(child_rekey_t, collide, void,
 else if (other->get_type(other) == TASK_CHILD_DELETE)
 {
 child_delete_t *del = (child_delete_t*)other;
- if (del->get_child(del) == this->child_create->get_child(this->child_create))
+ if (this->collision &&
+ this->collision->get_type(this->collision) == TASK_CHILD_REKEY)
 {
- /* peer deletes redundant child created in collision */
- this->other_child_destroyed = TRUE;
- other->destroy(other);
- return;
+ private_child_rekey_t *rekey;
+
+ rekey = (private_child_rekey_t*)this->collision;
+ if (del->get_child(del) == rekey->child_create->get_child(rekey->child_create))
+ {
+ /* peer deletes redundant child created in collision */
+ this->other_child_destroyed = TRUE;
+ other->destroy(other);
+ return;
+ }
 }
 if (del->get_child(del) != this->child_sa)
 {
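Review bot: In the new TASK_CHILD_DELETE branch, `rekey->child_create` is dereferenced with no NULL check after `this->collision` is downcast to `private_child_rekey_t*`. Nothing visible in the hunk shows that a stored collision task of type TASK_CHILD_REKEY always has `child_create` set. This path runs on a peer-sent DELETE, so if that invariant does not hold, a NULL dereference here would crash the daemon on remote input. Either guard it, `if (rekey->child_create && del->get_child(del) == rekey->child_create->get_child(rekey->child_create))`, or state the invariant next to the cast, e.g. `/* collision is always a responder rekey task, so child_create is set */`. It may also be worth confirming that both `get_child()` calls cannot return NULL at once, since the `==` would then treat the DELETE as the redundant-child case and set `other_child_destroyed`. The body of `collide` starts and ends outside this hunk.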