prf_plus_create() can return NULL on failure

author: Martin Willi <martin@revosec.ch> 2012-07-06 08:43:58 +0200
committer: Martin Willi <martin@revosec.ch> 2012-07-16 14:53:33 +0200
commit: edd54734c8d5223499fa9949a5cd39341939e93d (patch)
tree: ab8a6974c98811750a503166766913dc78f6eb7a /src/libcharon/sa/ikev2/keymat_v2.c
parent: 8207fe3eb3ec300cf992a021a960f91cca8a109c (diff)
download: strongswan-edd54734c8d5223499fa9949a5cd39341939e93d.tar.bz2
strongswan-edd54734c8d5223499fa9949a5cd39341939e93d.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 55af8f1ec..3e36b098f 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -355,6 +355,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 	chunk_free(&fixed_nonce);
 	chunk_clear(&prf_plus_seed);
 
+	if (!prf_plus)
+	{
+		DESTROY_IF(rekey_prf);
+		return FALSE;
+	}
+
 	/* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
 
 	/* SK_d is used for generating CHILD_SA key mat => store for later use */
@@ -528,6 +534,10 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
 
 	this->prf->set_key(this->prf, this->skd);
 	prf_plus = prf_plus_create(this->prf, TRUE, seed);
+	if (!prf_plus)
+	{
+		return FALSE;
+	}
 
 	if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
 		!prf_plus->allocate_bytes(prf_plus, int_size, integ_i) ||
author	Martin Willi <martin@revosec.ch>	2012-07-06 08:43:58 +0200
committer	Martin Willi <martin@revosec.ch>	2012-07-16 14:53:33 +0200
commit	edd54734c8d5223499fa9949a5cd39341939e93d (patch)
tree	ab8a6974c98811750a503166766913dc78f6eb7a /src/libcharon/sa/ikev2/keymat_v2.c
parent	8207fe3eb3ec300cf992a021a960f91cca8a109c (diff)
download	strongswan-edd54734c8d5223499fa9949a5cd39341939e93d.tar.bz2 strongswan-edd54734c8d5223499fa9949a5cd39341939e93d.tar.xz