2 files changed, 7 insertions, 2 deletions

diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 6acbc6eef..bebd74160 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -1438,6 +1438,11 @@ static status_t process_message(private_ike_sa_t *this, message_t *message)
 			 exchange_type_names, message->get_exchange_type(message),
 			 message->get_request(message) ? "request" : "response",
 			 message->get_message_id(message));
+		
+		if (this->state == IKE_CREATED)
+		{	/* invalid initiation attempt, close SA */
+			return DESTROY_ME;
+		}
 		return status;
 	}
 	else
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index f6043979f..c07cd37b8 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -1137,11 +1137,11 @@ static void destroy(private_child_create_t *this)
 {
 	chunk_free(&this->my_nonce);
 	chunk_free(&this->other_nonce);
-	if (this->tsi)
+	if (this->tsr)
 	{
 		this->tsr->destroy_offset(this->tsr, offsetof(traffic_selector_t, destroy));
 	}
-	if (this->tsr)
+	if (this->tsi)
 	{
 		this->tsi->destroy_offset(this->tsi, offsetof(traffic_selector_t, destroy));
 	}