diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2020-07-14 21:11:55 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2020-07-14 21:11:55 +0000 |
| commit | 0657c7c798ac6d9fa78f9a6b2d0970b3ea30cd33 (patch) | |
| tree | 8fbb1a979fe4d6c7988e123cdc611b9d95ef81c5 /sbin/iked/ikev2.c | |
| parent | f799a8ecab68f6a38033c9899e1381aa2d42e71e (diff) | |
Properly clean up and dereference 'old' policy after failed lookup.
ok patrick@
Diffstat (limited to 'sbin/iked/ikev2.c')
| -rw-r--r-- | sbin/iked/ikev2.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index f5c90159b48..c8e79944902 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.232 2020/06/15 18:37:37 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.233 2020/07/14 21:11:54 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -744,6 +744,9 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, log_info("%s: no compatible policy found", SPI_SA(sa, __func__)); ikev2_send_auth_failed(env, sa); + TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry); + if (old->pol_flags & IKED_POLICY_REFCNT) + policy_unref(env, old); return (-1); } if (msg->msg_policy != old) { |