diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-06-25 15:59:48 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:35 +0200 |
| commit | 1bb9c51e87b07a19ff97c72d3acb64c4f05f5573 (patch) | |
| tree | 6a4c9f766752809d86c88d0388e8b7c56015b87f | |
| parent | 504918348dec1355a5d11a513830bdffb7204b8c (diff) | |
| download | strongswan-1bb9c51e87b07a19ff97c72d3acb64c4f05f5573.tar.bz2 strongswan-1bb9c51e87b07a19ff97c72d3acb64c4f05f5573.tar.xz | |
Check rng return value when generating IKEv1 message IDs
| -rw-r--r-- | src/libcharon/sa/ikev1/task_manager_v1.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 11d579991..0e88c9e0f 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -501,12 +501,17 @@ METHOD(task_manager_t, initiate, status_t, me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); - message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION); if (new_mid) { - this->rng->get_bytes(this->rng, sizeof(this->initiating.mid), - (void*)&this->initiating.mid); + if (!this->rng->get_bytes(this->rng, sizeof(this->initiating.mid), + (void*)&this->initiating.mid)) + { + DBG1(DBG_IKE, "failed to allocate message ID, destroying IKE_SA"); + flush(this); + return DESTROY_ME; + } } + message = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION); message->set_message_id(message, this->initiating.mid); message->set_source(message, me->clone(me)); message->set_destination(message, other->clone(other)); @@ -721,11 +726,14 @@ static void send_notify(private_task_manager_t *this, message_t *request, DBG1(DBG_IKE, "ignore malformed INFORMATIONAL request"); return; } - + if (!this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid)) + { + DBG1(DBG_IKE, "failed to allocate message ID"); + return; + } response = message_create(IKEV1_MAJOR_VERSION, IKEV1_MINOR_VERSION); response->set_exchange_type(response, INFORMATIONAL_V1); response->set_request(response, TRUE); - this->rng->get_bytes(this->rng, sizeof(mid), (void*)&mid); response->set_message_id(response, mid); response->add_payload(response, (payload_t*) notify_payload_create_from_protocol_and_type(NOTIFY_V1, @@ -1678,9 +1686,13 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) destroy(this); return NULL; } - - this->rng->get_bytes(this->rng, sizeof(this->dpd_send), - (void*)&this->dpd_send); + if (!this->rng->get_bytes(this->rng, sizeof(this->dpd_send), + (void*)&this->dpd_send)) + { + DBG1(DBG_IKE, "failed to allocate message ID, unable to create IKE_SA"); + destroy(this); + return NULL; + } this->dpd_send &= 0x7FFFFFFF; return &this->public; |