From 0159a5404754fcf4594329df8c5821c88035bd5f Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Mon, 25 Jun 2012 16:02:13 +0200 Subject: Check rng return value when generating SPIs in kernel-klips plugin --- src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c') diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index b8d44d686..7e58cf30b 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -1520,12 +1520,12 @@ METHOD(kernel_ipsec_t, get_spi, status_t, u_int32_t spi_gen; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng) + if (!rng || !rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen)) { - DBG1(DBG_KNL, "allocating SPI failed: no RNG"); + DBG1(DBG_KNL, "allocating SPI failed"); + DESTROY_IF(rng); return FAILED; } - rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen); rng->destroy(rng); /* allocated SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */ -- cgit v1.2.3