From 0657c7c798ac6d9fa78f9a6b2d0970b3ea30cd33 Mon Sep 17 00:00:00 2001
From: tobhe
Date: Tue, 14 Jul 2020 21:11:55 +0000
Subject: Properly clean up and dereference 'old' policy after failed lookup. ok patrick@
---
 sbin/iked/ikev2.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'sbin/iked/ikev2.c')
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index f5c90159b48..c8e79944902 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.232 2020/06/15 18:37:37 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.233 2020/07/14 21:11:54 tobhe Exp $ */
 /* * Copyright (c) 2019 Tobias Heider
@@ -744,6 +744,9 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa,
 log_info("%s: no compatible policy found", SPI_SA(sa, __func__));
 ikev2_send_auth_failed(env, sa);
+ TAILQ_REMOVE(&old->pol_sapeers, sa, sa_peer_entry);
+ if (old->pol_flags & IKED_POLICY_REFCNT)
+ policy_unref(env, old);
 return (-1);
 }
 if (msg->msg_policy != old) {
-- cgit v1.2.3
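Review bot: The cleanup added after `ikev2_send_auth_failed(env, sa)` dereferences `old` and unlinks `sa` from `old->pol_sapeers` with no visible guarantee that `old` is non-NULL and that `sa` is still on that list; the assignment of `old` lies outside the hunk, so neither can be confirmed here. TAILQ_REMOVE on an entry that is not linked works on stale link pointers, and judging by the log message this branch is taken whenever a peer's IKE_AUTH matches no policy, so the invariant deserves a comment next to the code, for example `/* sa is still linked on old->pol_sapeers; drop the link and the reference held for it */`. It is also worth confirming that `ikev2_send_auth_failed()` leaves the SA's policy linkage alone, since it runs before the unlink. The body of ikev2_ike_auth_recv starts and ends outside the hunk.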