diff options
| author | Martin Willi <martin@strongswan.org> | 2009-06-18 17:50:28 +0200 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2009-06-22 15:47:17 +0200 |
| commit | 960e0c104013207a9057e6e320b9cbf068cff013 (patch) | |
| tree | b41327bc17143129a0f1f006dd0d9f0fea65cecf /src/libstrongswan/plugins/plugin_loader.c | |
| parent | 20d4fc97cf5e5663f0f4489b4ec72080b6de34a8 (diff) | |
| download | strongswan-960e0c104013207a9057e6e320b9cbf068cff013.tar.bz2 strongswan-960e0c104013207a9057e6e320b9cbf068cff013.tar.xz | |
check integrity of plugins before loading
Diffstat (limited to 'src/libstrongswan/plugins/plugin_loader.c')
| -rw-r--r-- | src/libstrongswan/plugins/plugin_loader.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index ad5a9e240..f124a8e8b 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -20,8 +20,10 @@ #include <dlfcn.h> #include <limits.h> #include <stdio.h> +#include <link.h> #include <debug.h> +#include <integrity_checker.h> #include <utils/linked_list.h> #include <plugins/plugin.h> @@ -61,6 +63,12 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name); + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, name, file)) + { + DBG1("file integrity test of plugin '%s' failed", name); + return NULL; + } handle = dlopen(file, RTLD_LAZY); if (handle == NULL) { @@ -74,6 +82,13 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, dlclose(handle); return NULL; } + if (lib->integrity && + !lib->integrity->check_segment(lib->integrity, name, constructor)) + { + DBG1("segment integrity test of plugin '%s' failed", name); + dlclose(handle); + return NULL; + } plugin = constructor(); if (plugin == NULL) { |