author | Tobias Brunner <tobias@strongswan.org> | 2012-06-25 15:57:13 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:36 +0200 |
commit | 162f489a2780b676782f6f738d58b1c57512b86d (patch) | |
tree | f0f01ea8c073e8d7fded92bf94c51b05dfe7d558 /src/libcharon/plugins/eap_mschapv2 | |
parent | 7ae26710364bae6962457537f16c8a7bc1dddaa9 (diff) | |
Check rng return value when generating challenges in eap-md5 and mschapv2 plugins
Diffstat (limited to 'src/libcharon/plugins/eap_mschapv2')
-rw-r--r-- | src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 9dfc69205..6e4eff689 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -577,12 +577,12 @@ METHOD(eap_method_t, initiate_server, status_t,
 u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1;
 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng || !rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge))
 {
- DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no RNG");
+ DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no challenge");
+ DESTROY_IF(rng);
 return FAILED;
 }
- rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge);
 rng->destroy(rng);
 eap = alloca(len);
@@ -670,14 +670,14 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this,
 this->mschapv2id = eap->ms_chapv2_id;
 this->challenge = chunk_clone(chunk_create(cha->challenge, CHALLENGE_LEN));
+ peer_challenge = chunk_alloca(CHALLENGE_LEN);
 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr))
 {
- DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no RNG");
+ DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, allocating challenge failed");
+ DESTROY_IF(rng);
 return FAILED;
 }
- peer_challenge = chunk_alloca(CHALLENGE_LEN);
- rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr);
 rng->destroy(rng);
 if (!get_nt_hash(this, this->peer, this->server, &nt_hash))
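Review bot: The merged failure branch in initiate_server logs the same text whether create_rng() returned NULL or allocate_bytes() failed, so the log no longer tells an operator whether no RNG is available or the RNG itself failed. The same applies to the branches in process_peer_challenge and process_server_retry, where "allocating challenge failed" is also inaccurate because get_bytes() fills an existing buffer rather than allocating one. One line keeps the distinction at all three sites: `DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, %s", rng ? "RNG failed to provide challenge" : "no RNG");`. The body of initiate_server continues outside the hunk.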
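Review bot: The reason for failing closed in process_peer_challenge is not documented. peer_challenge comes from chunk_alloca(), so until get_bytes() succeeds it holds whatever was on the stack, and the old code would presumably have carried that data into the response built further down, outside the hunk. I would add `/* peer_challenge is uninitialised stack memory until get_bytes() succeeds; never use it on failure */` above the check. Separately, this->challenge is cloned before the check and is not released on the FAILED return visible here; it is presumably freed when the method is destroyed, which is worth confirming since that code is outside the hunk.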
@@ -964,12 +964,12 @@ static status_t process_server_retry(private_eap_mschapv2_t *this,
 DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed, retry (%d)", this->retries);
 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (!rng)
+ if (!rng || !rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr))
 {
- DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no RNG");
+ DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, allocating challenge failed");
+ DESTROY_IF(rng);
 return FAILED;
 }
- rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr);
 rng->destroy(rng);
 chunk_free(&this->nt_response); |
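Review bot: get_bytes() writes CHALLENGE_LEN bytes straight into this->challenge.ptr, and nothing in this hunk shows that the chunk still holds a buffer of that size when process_server_retry runs; the allocation is presumably the one made in initiate_server. A comment stating the invariant, e.g. `/* this->challenge holds CHALLENGE_LEN bytes from initiate_server(), refilled in place */`, or a guard `if (this->challenge.len != CHALLENGE_LEN) { return FAILED; }` before create_rng() would make that explicit. On failure the previous challenge may also be left partly overwritten, which is harmless only as long as FAILED ends the method. The function starts and ends outside the hunk.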