sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00
Code Issues Projects Releases Wiki Activity

ike-sa: Destroy CHILD_SAs in order

Browse Source 
This works around an issue that occurs when recreating an IKE_SA with
multiple CHILD_SAs that use dynamically allocated reqids.

We currently try to preserve the reqid when reestablishing, so the
create-child task gets the reqid of the previous CHILD_SA and will try
to reallocate that once the CHILD_SA is installed.  Before that, the old
CHILD_SA is destroyed and the reqid is released and added to the array
of reqids to get reused.  However, because of the reverse order used here,
the first reqid in the array is the one of the last CHILD_SA.

So it can happen that a newly created CHILD_SA gets a reqid reassigned
that a later CHILD_SA will then also claim for itself and get assigned
because an entry with that reqid exists.  So multiple CHILD_SAs with
different traffic selectors could then share the same reqid.

References strongswan/strongswan#1855
This commit is contained in:
Tobias Brunner 2023-09-07 17:33:00 +02:00
parent 190d8cbe19
commit 80e27fe9fd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libcharon/sa/ike_sa.c
View File

@ -3021,7 +3021,7 @@ METHOD(ike_sa_t, destroy, void,
} }
/* uninstall CHILD_SAs before virtual IPs, otherwise we might kill /* uninstall CHILD_SAs before virtual IPs, otherwise we might kill
* routes that the CHILD_SA tries to uninstall. */ * routes that the CHILD_SA tries to uninstall. */
while (array_remove(this->child_sas, ARRAY_TAIL, &child_sa)) while (array_remove(this->child_sas, ARRAY_HEAD, &child_sa))
{ {
charon->child_sa_manager->remove(charon->child_sa_manager, child_sa); charon->child_sa_manager->remove(charon->child_sa_manager, child_sa);
child_sa->destroy(child_sa); child_sa->destroy(child_sa);