Make sure sa_policy is not NULL in sa_configure_iface(). This can happen

if the SA is deleted because of a failed policy lookup.

diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index 189dd82..bef0cbf 100644 (file)
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: policy.c,v 1.78 2021/02/13 16:14:12 tobhe Exp $       */
+/*     $OpenBSD: policy.c,v 1.79 2021/03/01 16:38:07 tobhe Exp $       */
 
 /*
  * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
@@ -683,7 +683,7 @@ sa_configure_iface(struct iked *env, struct iked_sa *sa, int add)
        struct sockaddr_in6      mask6;
        int                      rdomain;
 
-       if (sa->sa_policy->pol_iface == 0)
+       if (sa->sa_policy == NULL || sa->sa_policy->pol_iface == 0)
                return (0);
 
        if (sa->sa_cp_addr) {