Field | Value |
---|---|
author | 2017-02-24 11:23:02 +0000 |
committer | 2017-02-24 11:23:02 +0000 |
commit | b56c27fdf8c4572e25bbf9fa8af5c80bf9f0e75c |
tree | d0858098196aeeac93ed905fe1f64ca32a61b7b7 |
parent | Add the following root CAs, from SECOM Trust Systems / Security Communication |

In a scenario where a config reload happens during an IKE_AUTH exchange,
and we move an SA from one to another policy, we need to make sure to do
refcounting if the policies involved are already in the garbage collect
phase.

ok markus@ mikeb@

-rw-r--r-- | sbin/iked/ikev2.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index bf2a015326d..4efd8c37fc2 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.133 2017/01/20 14:12:32 mikeb Exp $ */ +/* $OpenBSD: ikev2.c,v 1.134 2017/02/24 11:23:02 patrick Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -520,6 +520,10 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); TAILQ_INSERT_TAIL(&policy->pol_sapeers, sa, sa_peer_entry); + if (old->pol_flags & IKED_POLICY_REFCNT) + policy_unref(env, old); + if (policy->pol_flags & IKED_POLICY_REFCNT) + policy_ref(env, policy); } else { /* restore */ msg->msg_policy = sa->sa_policy = old; |
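
Review bot: In the lines added to ikev2_ike_auth_recv() after the TAILQ_INSERT_TAIL, policy_unref(env, old) is called before policy_ref(env, policy), and each call is gated on its own policy's IKED_POLICY_REFCNT flag with no comment saying why. Taking the reference on the new policy first and dropping the old one second is the more defensive order: the SA is never sitting on a policy's pol_sapeers list without a matching reference, and the code stays correct if a later change ever allows old and policy to be the same object. A short comment above the two checks explaining that the count is only adjusted when IKED_POLICY_REFCNT is set (the garbage-collect case described in the commit message) would save the next reader a lookup. If policy_unref() can release the policy when the count reaches zero, it is also worth confirming that nothing later in this branch dereferences old; the visible context only shows old being used in the else (restore) path.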