From 392a9b110991f1246922b8689e94e3f9c2340ae0 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 6 Jul 2012 10:49:46 +0200
Subject: Check rng return value when generating SCEP sender nonce

---
 src/scepclient/scep.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'src/scepclient/scep.c')

diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c
index 6b68a4742..d6cf5f2cc 100644
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@@ -183,7 +183,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
 /**
  * Adds a senderNonce attribute to the given pkcs9 attribute list
  */
-static void add_senderNonce_attribute(pkcs9_t *pkcs9)
+static bool add_senderNonce_attribute(pkcs9_t *pkcs9)
 {
 	const size_t nonce_len = 16;
 	u_char nonce_buf[nonce_len];
@@ -191,10 +191,15 @@ static void add_senderNonce_attribute(pkcs9_t *pkcs9)
 	rng_t *rng;
 
 	rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
-	rng->get_bytes(rng, nonce_len, nonce_buf);
+	if (!rng || !rng->get_bytes(rng, nonce_len, nonce_buf))
+	{
+		DESTROY_IF(rng);
+		return FALSE;
+	}
 	rng->destroy(rng);
 
 	pkcs9->set_attribute(pkcs9, OID_PKI_SENDER_NONCE, senderNonce);
+	return TRUE;
 }
 
 /**
@@ -222,7 +227,12 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
 	pkcs9 = pkcs9_create();
 	pkcs9->set_attribute(pkcs9, OID_PKI_TRANS_ID, transID);
 	pkcs9->set_attribute(pkcs9, OID_PKI_MESSAGE_TYPE, msgType);
-	add_senderNonce_attribute(pkcs9);
+	if (!add_senderNonce_attribute(pkcs9))
+	{
+		pkcs9->destroy(pkcs9);
+		pkcs7->destroy(pkcs7);
+		return chunk_empty;
+	}
 
 	pkcs7->set_attributes(pkcs7, pkcs9);
 	pkcs7->set_certificate(pkcs7, signer_cert->get_ref(signer_cert));
-- 
cgit v1.2.3