Properly clean up and dereference 'old' policy after failed lookup.

ok patrick@
author: tobhe <tobhe@openbsd.org> 2020-07-14 21:11:54 +0000
committer: tobhe <tobhe@openbsd.org> 2020-07-14 21:11:54 +0000
commit: 6ae00b2d6b6fb4cebb0689cd0a6591e6f739dc0f (patch)
tree: 64c98c70c3143a8c98a26a7cabcd52cb5e5e9057
parent: Print real/avail mem like we do on all other architectures. (diff)
download: wireguard-openbsd-6ae00b2d6b6fb4cebb0689cd0a6591e6f739dc0f.tar.xz
wireguard-openbsd-6ae00b2d6b6fb4cebb0689cd0a6591e6f739dc0f.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index f5c90159b48..c8e79944902 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ikev2.c,v 1.232 2020/06/15 18:37:37 tobhe Exp $	*/
+/*	$OpenBSD: ikev2.c,v 1.233 2020/07/14 21:11:54 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -744,6 +744,9 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa,
 			log_info("%s: no compatible policy found",
 			    SPI_SA(sa, __func__));
 			ikev2_send_auth_failed(env, sa);
+			TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry);
+			if (old->pol_flags & IKED_POLICY_REFCNT)
+				policy_unref(env, old);
 			return (-1);
 		}
 		if (msg->msg_policy != old) {
author	tobhe <tobhe@openbsd.org>	2020-07-14 21:11:54 +0000
committer	tobhe <tobhe@openbsd.org>	2020-07-14 21:11:54 +0000
commit	6ae00b2d6b6fb4cebb0689cd0a6591e6f739dc0f (patch)
tree	64c98c70c3143a8c98a26a7cabcd52cb5e5e9057
parent	Print real/avail mem like we do on all other architectures. (diff)
download	wireguard-openbsd-6ae00b2d6b6fb4cebb0689cd0a6591e6f739dc0f.tar.xz wireguard-openbsd-6ae00b2d6b6fb4cebb0689cd0a6591e6f739dc0f.zip