Check rng return value when generating fake NAT detection payloads

author: Tobias Brunner <tobias@strongswan.org> 2012-06-25 16:00:48 +0200
committer: Martin Willi <martin@revosec.ch> 2012-07-16 14:53:35 +0200
commit: 92f207477cf17d324e5ac6900e7e3ae868fb2951 (patch)
tree: 5267937d3e218545a671cf0359d4887189f52989 /src/libcharon/sa/ikev1/tasks
parent: ca9b68eb9e59efd273480e291f8e6a8bfab754dd (diff)
download: strongswan-92f207477cf17d324e5ac6900e7e3ae868fb2951.tar.bz2
strongswan-92f207477cf17d324e5ac6900e7e3ae868fb2951.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
index 44910175a..cd3bc21b0 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c
@@ -123,12 +123,13 @@ static chunk_t generate_natd_hash_faked(private_isakmp_natd_t *this)
 		return chunk_empty;
 	}
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-	if (!rng)
+	if (!rng ||
+		!rng->allocate_bytes(rng, hasher->get_hash_size(hasher), &chunk))
 	{
 		DBG1(DBG_IKE, "unable to get random bytes for NAT-D fake");
+		DESTROY_IF(rng);
 		return chunk_empty;
 	}
-	rng->allocate_bytes(rng, hasher->get_hash_size(hasher), &chunk);
 	rng->destroy(rng);
 	return chunk;
 }
author	Tobias Brunner <tobias@strongswan.org>	2012-06-25 16:00:48 +0200
committer	Martin Willi <martin@revosec.ch>	2012-07-16 14:53:35 +0200
commit	92f207477cf17d324e5ac6900e7e3ae868fb2951 (patch)
tree	5267937d3e218545a671cf0359d4887189f52989 /src/libcharon/sa/ikev1/tasks
parent	ca9b68eb9e59efd273480e291f8e6a8bfab754dd (diff)
download	strongswan-92f207477cf17d324e5ac6900e7e3ae868fb2951.tar.bz2 strongswan-92f207477cf17d324e5ac6900e7e3ae868fb2951.tar.xz