(when new sa is preferred than old sa)

even if we fail to send pfkey message, remove the old sa.

Obtained from:	KAME
MFC after:	1 week

1 files changed, 9 insertions, 9 deletions

diff --git a/sys/netkey/key.c b/sys/netkey/key.c
index b9e51bd..2306575 100644
--- a/sys/netkey/key.c
+++ b/sys/netkey/key.c
@@ -825,16 +825,14 @@ key_do_allocsa_policy(sah, state)
 		 * permanent.
 		 */
 		if (d->lft_c->sadb_lifetime_addtime != 0) {
-
 			struct mbuf *m, *result;
 
 			key_sa_chgstate(d, SADB_SASTATE_DEAD);
-			key_freesav(d);
 
 			m = key_setsadbmsg(SADB_DELETE, 0,
-					sav->sah->saidx.proto, 0, 0, d->refcnt);
+			    d->sah->saidx.proto, 0, 0, d->refcnt - 1);
 			if (!m)
-				return NULL;
+				goto msgfail;
 			result = m;
 
 			/* set sadb_address for saidx's. */
@@ -843,7 +841,7 @@ key_do_allocsa_policy(sah, state)
 				d->sah->saidx.src.ss_len << 3,
 				IPSEC_ULPROTO_ANY);
 			if (!m)
-				return NULL;
+				goto msgfail;
 			m_cat(result, m);
 
 			/* set sadb_address for saidx's. */
@@ -852,20 +850,20 @@ key_do_allocsa_policy(sah, state)
 				d->sah->saidx.src.ss_len << 3,
 				IPSEC_ULPROTO_ANY);
 			if (!m)
-				return NULL;
+				goto msgfail;
 			m_cat(result, m);
 
 			/* create SA extension */
 			m = key_setsadbsa(d);
 			if (!m)
-				return NULL;
+				goto msgfail;
 			m_cat(result, m);
 
 			if (result->m_len < sizeof(struct sadb_msg)) {
 				result = m_pullup(result,
 						sizeof(struct sadb_msg));
 				if (result == NULL)
-					return NULL;
+					goto msgfail;
 			}
 
 			result->m_pkthdr.len = 0;
@@ -876,7 +874,9 @@ key_do_allocsa_policy(sah, state)
 
 			if (key_sendup_mbuf(NULL, result,
 					KEY_SENDUP_REGISTERED))
-				return NULL;
+				goto msgfail;
+		 msgfail:
+			key_freesav(d);
 		}
 	}