authorMartin Willi <martin@strongswan.org>2009-06-19 17:27:57 +0200
committerMartin Willi <martin@strongswan.org>2009-06-22 15:47:17 +0200
commit6a8c8815fe112059d7724f40687c377568b15ee3 (patch)
treebfd4010ea808fdc16ad5d7764dc34a0466042995 /src
parentd88bcee079c94e9e63f03c84b66df94be947beec (diff)
check on-disk and loaded segment integrity of libstrongswan
Diffstat (limited to 'src')
-rw-r--r--src/libstrongswan/integrity_checker.c26
-rw-r--r--src/libstrongswan/integrity_checker.h9
-rw-r--r--src/libstrongswan/library.c3
3 files changed, 35 insertions, 3 deletions
diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c
index 813ae9e43..3643c0af6 100644
--- a/src/libstrongswan/integrity_checker.c
+++ b/src/libstrongswan/integrity_checker.c
@@ -137,7 +137,7 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym)
if (dladdr(sym, &dli) == 0)
{
- DBG1("unable to locate symbol: %s", strerror(errno));
+ DBG1("unable to locate symbol: %s", dlerror());
return 0;
}
/* we reuse the Dl_info struct as in/out parameter */
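Review bot: dlerror() is not a dependable source for this message, and it can return NULL, which is then passed to the `%s` in DBG1 here and again in the new check() in the next hunk. The glibc manual for dladdr() states that when it returns 0 no error message is available through dlerror(), so at best the log line carries no reason; how DBG1 renders a NULL string is not visible on this page. Logging the address would be more useful in both places: `DBG1("unable to locate symbol at %p", sym);`. build_segment's body starts and ends outside this hunk.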
@@ -221,6 +221,29 @@ static bool check_segment(private_integrity_checker_t *this,
}
/**
+ * Implementation of integrity_checker_t.check
+ */
+static bool check(private_integrity_checker_t *this, char *name, void *sym)
+{
+ Dl_info dli;
+
+ if (dladdr(sym, &dli) == 0)
+ {
+ DBG1("unable to locate symbol: %s", dlerror());
+ return FALSE;
+ }
+ if (!check_file(this, name, (char*)dli.dli_fname))
+ {
+ return FALSE;
+ }
+ if (!check_segment(this, name, sym))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* Implementation of integrity_checker_t.destroy.
*/
static void destroy(private_integrity_checker_t *this)
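Review bot: check() passes `dli.dli_fname` straight to check_file, and that string is only the path the dynamic loader recorded for the object; it may be relative, and the file at that path can differ from what was mapped if it was replaced after loading. The file test therefore covers the file on disk at the time of the call, and only check_segment covers the code that is actually executing. A comment above the check_file call would make that explicit: `/* dli_fname is the loader's recorded path; this re-reads the file from disk, the mapped code is covered by check_segment() below */`. The cast `(char*)dli.dli_fname` also discards const; taking `const char *` in check_file would remove it, though its signature is outside this hunk.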
@@ -243,6 +266,7 @@ integrity_checker_t *integrity_checker_create(char *checksum_library)
this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file))build_file;
this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment;
this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym))build_segment;
+ this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check;
this->public.destroy = (void(*)(integrity_checker_t*))destroy;
this->checksum_count = 0;
diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h
index ec4961e01..d10de5b5b 100644
--- a/src/libstrongswan/integrity_checker.h
+++ b/src/libstrongswan/integrity_checker.h
@@ -82,6 +82,15 @@ struct integrity_checker_t {
u_int32_t (*build_segment)(integrity_checker_t *this, void *sym);
/**
+ * Check both, on disk file integrity and loaded segment.
+ *
+ * @param name name to lookup checksum
+ * @param sym a symbol to look up library and segment
+ * @return TRUE if integrity tested successfully
+ */
+ bool (*check)(integrity_checker_t *this, char *name, void *sym);
+
+ /**
* Destroy a integrity_checker_t.
*/
void (*destroy)(integrity_checker_t *this);
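Review bot: The doc comment for `check` does not say which file is verified, nor that one `name` serves both checksum lookups. In the integrity_checker.c hunk the file is the object dladdr() reports as containing `sym`, and `name` is handed to both check_file and check_segment. I would reword the summary to `Check both on-disk file integrity and the loaded segment.` and the parameter to `@param sym a symbol inside the library; its containing file and segment are both checked`. The struct definition starts and ends outside this hunk.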
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 217dbc045..0116b8e3d 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -132,8 +132,7 @@ bool library_init(char *settings)
"libstrongswan.integrity_test", FALSE))
{
this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY);
- if (!lib->integrity->check_segment(lib->integrity,
- "libstrongswan", library_init))
+ if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
{
DBG1("integrity check of libstrongswan failed");
return FALSE;
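Review bot: This call runs from inside the library it verifies, and the expected values come from `CHECKSUM_LIBRARY`, so a pass shows that file and segment match the shipped checksums, not that library and checksums were left untouched together. The test also appears to run only when `libstrongswan.integrity_test` is set, with FALSE as the fallback in the visible lookup. A comment above the call would keep readers from treating it as tamper protection: `/* self-test: detects corruption or partial modification, not replacement of library and checksums together */`. library_init's body starts and ends outside this hunk.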