Check rng return value when encrypting encryption payload

author: Tobias Brunner <tobias@strongswan.org> 2012-06-25 15:54:57 +0200
committer: Martin Willi <martin@revosec.ch> 2012-07-16 14:53:35 +0200
commit: ca9b68eb9e59efd273480e291f8e6a8bfab754dd (patch)
tree: df8373e5f4c6cf1fcfd7cbb9f8200456b4caf839
parent: 5d91d8c46937c45824ca2afcb726723527481539 (diff)
download: strongswan-ca9b68eb9e59efd273480e291f8e6a8bfab754dd.tar.bz2
strongswan-ca9b68eb9e59efd273480e291f8e6a8bfab754dd.tar.xz
1 files changed, 8 insertions, 2 deletions
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 842e516d7..c40bd2a2b 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -356,8 +356,14 @@ METHOD(encryption_payload_t, encrypt, bool,
 	crypt = chunk_create(plain.ptr, plain.len + padding.len);
 	generator->destroy(generator);
 
-	rng->get_bytes(rng, iv.len, iv.ptr);
-	rng->get_bytes(rng, padding.len - 1, padding.ptr);
+	if (!rng->get_bytes(rng, iv.len, iv.ptr) ||
+		!rng->get_bytes(rng, padding.len - 1, padding.ptr))
+	{
+		DBG1(DBG_ENC, "encrypting encryption payload failed, no IV or padding");
+		rng->destroy(rng);
+		free(assoc.ptr);
+		return FALSE;
+	}
 	padding.ptr[padding.len - 1] = padding.len - 1;
 	rng->destroy(rng);
author	Tobias Brunner <tobias@strongswan.org>	2012-06-25 15:54:57 +0200
committer	Martin Willi <martin@revosec.ch>	2012-07-16 14:53:35 +0200
commit	ca9b68eb9e59efd273480e291f8e6a8bfab754dd (patch)
tree	df8373e5f4c6cf1fcfd7cbb9f8200456b4caf839
parent	5d91d8c46937c45824ca2afcb726723527481539 (diff)
download	strongswan-ca9b68eb9e59efd273480e291f8e6a8bfab754dd.tar.bz2 strongswan-ca9b68eb9e59efd273480e291f8e6a8bfab754dd.tar.xz