authorMartin Willi <martin@revosec.ch>2012-07-06 14:17:01 +0200
committerMartin Willi <martin@revosec.ch>2012-07-16 14:53:37 +0200
commit76a98ee2a1578a7f1f95b63846cefffad9b1df63 (patch)
treefe00bce63566fe8fbdcd7b6b9aaaa2066c27d494
parent71c41410fc0b3c9022f1fe59f7b988363b84abea (diff)
Check rng return value when generating libfast session COOKIEs
-rw-r--r--src/libfast/dispatcher.c14
-rw-r--r--src/libfast/session.c18
-rw-r--r--src/libfast/session.h1
3 files changed, 27 insertions, 6 deletions
diff --git a/src/libfast/dispatcher.c b/src/libfast/dispatcher.c
index e5fca7074..63c872e35 100644
--- a/src/libfast/dispatcher.c
+++ b/src/libfast/dispatcher.c
@@ -179,10 +179,16 @@ static session_entry_t *session_entry_create(private_dispatcher_t *this,
char *host)
{
session_entry_t *entry;
+ session_t *session;
+ session = load_session(this);
+ if (!session)
+ {
+ return NULL;
+ }
INIT(entry,
.cond = condvar_create(CONDVAR_TYPE_DEFAULT),
- .session = load_session(this),
+ .session = session,
.host = strdup(host),
.used = time_monotonic(NULL),
);
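Review bot: The new NULL check on `load_session(this)` only protects this function if load_session itself copes with a failing `session_create()`. load_session is not part of this diff, so this is inferred: if it calls session_create and then uses the returned pointer without a check, the NULL return this commit introduces in session.c is dereferenced there, before the guard here is ever reached. It would be worth confirming that load_session bails out with `if (!session) { return NULL; }` right after its session_create call. The body of session_entry_create continues past the end of this hunk.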
@@ -324,6 +330,12 @@ static void dispatch(private_dispatcher_t *this)
else
{ /* create a new session if not found */
found = session_entry_create(this, request->get_host(request));
+ if (!found)
+ {
+ request->destroy(request);
+ this->mutex->unlock(this->mutex);
+ continue;
+ }
sid = found->session->get_sid(found->session);
this->sessions->put(this->sessions, sid, found);
}
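Review bot: The added `if (!found)` branch drops the request with no response to the client and no log message, so a failing RNG would surface only as requests that silently go unanswered. A short comment such as `/* session creation failed (no RNG or RNG error): drop the request */` plus a debug message at this point would make the condition diagnosable. The unlock before `continue` looks consistent with the visible lines, but the matching lock and the loop head are outside the hunk, so that pairing should be checked against the full function.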
diff --git a/src/libfast/session.c b/src/libfast/session.c
index 1d9ed0107..99f2dcb38 100644
--- a/src/libfast/session.c
+++ b/src/libfast/session.c
@@ -78,20 +78,24 @@ METHOD(session_t, add_filter, void,
/**
* Create a session ID and a cookie
*/
-static void create_sid(private_session_t *this)
+static bool create_sid(private_session_t *this)
{
char buf[COOKIE_LEN];
rng_t *rng;
- memset(buf, 0, sizeof(buf));
- memset(this->sid, 0, sizeof(this->sid));
rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
if (rng)
{
- rng->get_bytes(rng, sizeof(buf), buf);
+ return FALSE;
+ }
+ if (!rng->get_bytes(rng, sizeof(buf), buf))
+ {
rng->destroy(rng);
+ return FALSE;
}
+ rng->destroy(rng);
chunk_to_hex(chunk_create(buf, sizeof(buf)), this->sid, FALSE);
+ return TRUE;
}
/**
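Review bot: The guard after `create_rng` is inverted on the new side, because `if (rng)` is left as a context line. The function therefore returns FALSE whenever an RNG was obtained (without destroying it), and falls through to `rng->get_bytes(...)` on a NULL pointer when none was; the condition should read `if (!rng)`. Separately, the value generated here is the session ID that ends up in the cookie, i.e. a bearer token, yet it is drawn with `RNG_WEAK`; `RNG_STRONG` would be the more fitting quality for a value that must not be predictable. Since the two memset calls are gone, the function comment should also state that `this->sid` is only meaningful when TRUE is returned.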
@@ -212,7 +216,11 @@ session_t *session_create(context_t *context)
.filters = linked_list_create(),
.context = context,
);
- create_sid(this);
+ if (!create_sid(this))
+ {
+ destroy(this);
+ return NULL;
+ }
return &this->public;
}
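Review bot: The error path calls `destroy(this)` after `.context = context` has already been stored, so what happens to the caller's context on failure depends on destroy, which is not shown in this hunk. If destroy releases the context, a caller that receives NULL must not use or free it again, and the header comment should say so, for example `@param context user defined session context instance, owned by the session, destroyed also on error`. If destroy does not release it, the caller has to, and that should be documented instead. session_create begins above this hunk.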
diff --git a/src/libfast/session.h b/src/libfast/session.h
index f60fa9ef2..acbab8964 100644
--- a/src/libfast/session.h
+++ b/src/libfast/session.h
@@ -70,6 +70,7 @@ struct session_t {
* Create a session new session.
*
* @param context user defined session context instance
+ * @return client session, NULL on error
*/
session_t *session_create(context_t *context);